MUST and SHOULD, other kinds of proxies, and ISSUE PROXY-AUTHORIZATION

Whether something is "MUST" or "SHOULD" or "MAY" is not
really a matter of deciding who wants things to be that way,
or what the contractual expectations could be if an implementation
is declared to be 'conformant'.

The requirements we place on implementations should be justified
as being necessary, either for interoperability, the proper
functioning of the Internet, the avoidance of security or other
threats, etc.

In a few cases, we've tried to influence interoperability
more indirectly (the requirement that a server MUST reject
a 1.1 request without a Host header comes to mind) but those
situations are unusual.

In general, the transition from Proposed to Draft will loosen
those requirements that are discovered, in practice, to not
actually be required. We don't do ourselves or anyone else a
service trying to impose anything other than sound advice on
what MUST be done in order to create a reliable, functioning,
non-disruptive implementation.

We've tried, in HTTP/1.1, to be clearer about the requirements
on proxies, but it may be that there are more categories of
agents that act as servers to some HTTP clients and clients to
other HTTP servers than simple caching proxies, and that we
need to acknowledge this more explicitly.

Henrik's rewording of the 

Received on Thursday, 10 July 1997 08:52:36 UTC