Re: comments on draft-ietf-http-authentication-01.txt

Dave Kristol writes, regarding Paul's comments:

    > >     What should a client do if it receives unrecognized attributes?
    > >
    > Ignore them. I thought that was the "HTTP way" and needn't be expliclty
    > stated.
    > >     What should a server do if it receives unrecognized attributes?
    > >
    > Ditto.
    I don't think it hurts to be explicit here.  Furthermore, since I
    got beat up by Yaron about stating explicitly what agents should do
    with unrecognized attributes (namely, ignore) in RFC 2109, I feel
    obliged to return the favor.
I agree with Dave.  It may be hard for those of us who have spent
3-4 years on this mailing list to remember that not everyone has
so fully absorbed the "HTTP way."  And it would be inhumane to
suggest that any newcomer try to catch up.  (According to,
there are currently 8039 messages in the HTTP-WG archive!)

Whenever someone asks "what should X do in situation Y" and we
can't answer it by quoting directly (and only) from a written
specification (i.e., RFC or unexpired I-D), then we have a problem
that should be solved.  Answers of the form "do it the way it's
always been done", whether by appeal to folklore or source code,
don't replace proper specification.


Received on Friday, 27 March 1998 10:48:19 UTC