Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

On Tue, 2006-10-17 at 20:38 -0400, Robert Sayre wrote:
> Does anyone think mandatory-to-implement authentication schemes or
> transport-layer security mechanisms will be helpful and realistic? 

No: Lots of folk started offering HTTP/1.1 in their version line long
before they were even vaguely conformant, and new implementations still
show up with plenty of bugs (we ran into one just this month in fact).

I think that most existing implementations would just ignore it.

GPG key available at: <>.

Received on Wednesday, 18 October 2006 07:14:53 UTC