Safe: Yes now, GETWBODY later? [was: Re: draft-holtman-http-safe-01.txt]

Following on your summary ... you aren't satisfied that the level of
client control you desire exists using a header because a server might
choose to ignore it?

Also, you are attempting to state a requirement which is outside the scope
of what Koen and I are attempting to address with our respective drafts?

And I think we agree that introducting a new method probably requires a
new version of the protocol.  Clearly there is a deployment problem with
proxies which will not recognize a new method.  In your scenario, an
origin server which didn't recognize the method would reject the request
so the client wouldn't be miss-led into believing it was safe.

[aside: I'm not sure there is any greater risk that a CGI program attached
to a server which recognizes GETWBODY would ignore a Safe: Yes in the
request than the risk that the same CGI program would ignore the request
method. Poorly written code is poorly written code. Test for NOT GET and
content length!=0 === POST more often than not.]

All this to suggest that we can move forward with Safe/UAHINT as written
as far as your requirement is concerned and you or someone else who wants
to champion the GETWBODY can describe the proposal in a new INet draft or
wait until the floor is open for the next HTTP version and lobby for the
change at that time.

Does that seem reasonable?


PS. For the http-wg list ... we are discussion the Safe: Yes proposal in
draft-holtman-http-safe-01.txt and the alternative syntax for
incorporating the same function in the UA-Hint: header proposed in

Received on Thursday, 20 March 1997 18:42:04 UTC