Re: draft-ietf-http-state-mgmt-03.txt

> Implementation issue and *IMPOSSIBLE* to enforce. 

Take a look at the RFC1123 (host requirements) some time; you'll see
subsections there like "TELNET/USER INTERFACE" "FTP/USER INTERFACE".
There are a fair number of MUSTs in there..

Or the ipsec rfc's; they specify similar issues (e.g., the user MUST
be able to do manual keying).

I missed the PRIVACY section entirely; it probably be moved into the
security considerations section, or a backpointer with
`Privacy Issues: see section 7' added.

					- Bill

Received on Thursday, 1 August 1996 10:13:12 UTC