- From: William A. Rowe, Jr. <wrowe@rowe-clan.net>
- Date: Sat, 04 Nov 2006 14:41:55 -0600
- To: Lisa Dusseault <lisa@osafoundation.org>
- CC: "Roy T. Fielding" <fielding@gbiv.com>, Robert Sayre <sayrer@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>

Lisa Dusseault wrote:
>
> So I guess a decision that CLIENTS MUST support Basic and Digest in a
> new HTTP RFC, might be signalled by a minor version bump.[...]
> But a decision that SERVERS MUST support Basic and Digest -- well that
> doesn't need a version bump at all to work. We already have a way for
> servers to advertise support insofar as that's necessary for those
> algorithms.

This doesn't parse - it would immediately break a massive number of web applications, much as Microsoft recently did in the IE client 'security' patches through their re-POST of failed POST requests sans-request-body.

Requirements even on the server side can't realistically be altered within the confines of HTTP/1.0 /1.1. The only answer is to remove Basic for HTTP/1.2 or /2.0 in the future revision of the spec as a fundamentally broken mechanism, much as the HTTP/1.1 spec introduced mandatory Host headers to force all browsers over to mass vhosting by-name.

Bill

Received on Saturday, 4 November 2006 20:42:02 UTC