On Wed, Jul 28, 2010 at 10:30 AM, Julian Reschke <julian.reschke@gmx.de> wrote: > On 28.07.2010 10:21, Alexey Melnikov wrote: >> >> ... >> Either this, or clarify that the userinfo part is not allowed in HTTP >> (but maybe used in other contexts). >> It would probably be safer to prohibit userinfo use on the wire. >> ... > > On the wire it would be in a different place anyway, right? > > As far as I understand, this is really about the URI syntax only... It might be transferred over the wire in hypertext links, where it is clearly problematic. I am however wondering if for https the userinfo section could be used to encode/hash the public key of the linked party allowing additional security or trust in "self-signed" certificates (by a p2p chain of trust). This would integrate Tyler Close's httpsy[1] idea into https. Cheers, reto 1. http://www.waterken.com/dev/YURL/httpsy/Received on Wednesday, 28 July 2010 09:16:48 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:24 GMT