- From: Eduardo Casais <casays@yahoo.com>
- Date: Wed, 23 Sep 2009 07:37:28 -0700 (PDT)
- To: public-bpwg@w3.org
All right, let us nail down the decisions from the last teleconference.

The text of CT 1u is:

-----
H.1.2 Use of HTTP 403 Status

Servers should consider using an HTTP 403 Status if concerned that the security of a link that it assumed to be private has been compromised (for example as a result of the presence of a Via HTTP header in an HTTPS request).
-----

The sentence is to be grammatically (first part), formally (HTTP header field), and semantically (Via fields do not cause security issues, they reveal them) corrected to:

-----
Servers should consider using an HTTP 403 Status if concerned that the security of a link assumed to be private has been compromised (for example, the lack of privacy may be inferred from the presence of a Via HTTP header field in an HTTPS request).
-----

E.Casais
Received on Wednesday, 23 September 2009 14:38:08 UTC
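
An added example, not part of the original message or of the guidelines text: one way an origin server could apply the H.1.2 check, answering 403 when a request received over HTTPS carries a Via header field. The middleware and helper names are hypothetical, the Via values are constructed, and the code assumes TLS terminates at the WSGI server itself (behind the operator's own TLS-terminating proxy, that proxy's Via entry would have to be excluded first).

```python
import re

# One Via element (RFC 7230, 5.7.1): [name "/"] version SP received-by [SP "(" comment ")"]
# Simplification: comments containing commas are not handled.
_VIA = re.compile(r"^(?:(?P<name>[^\s/]+)/)?(?P<version>[^\s/]+)\s+"
                  r"(?P<by>[^\s(]+)(?:\s+\((?P<comment>.*)\))?$")

def parse_via(value):
    """Split a Via field value into hops; unparseable elements are kept raw."""
    hops = []
    for element in (e.strip() for e in value.split(",")):
        if element:
            m = _VIA.match(element)
            hops.append(m.groupdict() if m else {"raw": element})
    return hops

class ViaOverHttpsGuard:
    """Hypothetical WSGI middleware: 403 when an HTTPS request carries Via."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        via = environ.get("HTTP_VIA", "").strip()
        # Assumption: TLS terminates here, so url_scheme reflects the client link.
        if environ.get("wsgi.url_scheme") == "https" and via:
            body = ("Forbidden: HTTPS request declared %d intermediary hop(s) "
                    "in Via\n" % len(parse_via(via))).encode("ascii")
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain; charset=us-ascii"),
                ("Content-Length", str(len(body))),
                ("Cache-Control", "no-store")])
            return [body]
        return self.app(environ, start_response)

def _demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def handle(scheme, via=None):
    """Run one constructed request through the guard; return (status, body)."""
    environ = {"wsgi.url_scheme": scheme, "REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if via is not None:
        environ["HTTP_VIA"] = via  # constructed sample value
    seen = []
    body = ViaOverHttpsGuard(_demo_app)(environ, lambda s, h: seen.append(s))
    return seen[0], b"".join(body)
```

The same Via field on a plain HTTP request is passed through untouched, since an intermediary there reveals nothing about a link that was never assumed private.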