W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

From: Robert Collins <robertc@robertcollins.net>
Date: Wed, 18 Oct 2006 04:34:52 +0000
To: Robert Sayre <sayrer@gmail.com>
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <1161145025.3423.6.camel@localhost.localdomain>
On Tue, 2006-10-17 at 20:38 -0400, Robert Sayre wrote:
> Does anyone think mandatory-to-implement authentication schemes or
> transport-layer security mechanisms will be helpful and realistic? 

No: Lots of folk started offering HTTP/1.1 in their version line long
before they were even vaguely conformant, and new implementations still
show up with plenty of bugs (we ran into one just this month in fact).

I think that most existing implementations would just ignore it.

GPG key available at: <http://www.robertcollins.net/keys.txt>.

Received on Wednesday, 18 October 2006 07:14:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:40 UTC