W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

Re: Op-sec simplification

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 2 Nov 2016 11:54:10 +1100
Message-ID: <CABkgnnVbuR8TFLLHjE90fxXm83Di68_sD8OTme1jE-3Qi6RnaQ@mail.gmail.com>
To: Mike Bishop <Michael.Bishop@microsoft.com>
Cc: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, Mark Nottingham <mnot@mnot.net>, HTTP working group mailing list <ietf-http-wg@w3.org>
On 2 November 2016 at 04:33, Mike Bishop <Michael.Bishop@microsoft.com> wrote:
> I think the case for TBD2 is that the client sent an "ambiguous" request -- that is, connecting over port 443 and not specifying http:// or https://, but just sending e.g. GET /resource.

I think my rationale could be restated more simply as: "there is
always a scheme, just that HTTP/1.1 requires that it be implicit".

BTW, Kari's example of an opportunistic-only server can be handled by 421.
Received on Wednesday, 2 November 2016 00:54:43 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 2 November 2016 00:54:45 UTC