Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8) from Wilfredo Sánchez Vega on 2006-10-19 (ietf-http-wg@w3.org from October to December 2006)

From: Wilfredo Sánchez Vega <wsanchez@wsanchez.net>
Date: Thu, 19 Oct 2006 15:16:32 -0700
To: lists@ingostruck.de
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <E4C66BFF-4434-4D10-9D31-FAFC7A43DC60@wsanchez.net>

   Which is why I wouldn't think it wise to enable an unsafe  
configuration by default or to encourage such a thing.  But this is  
ultimately the call of the server administrator, and if they wish to  
configure the server to allow plain text over the wire, it's up to  
them, not me.

	-wsv

On Oct 19, 2006, at 3:30 PM, Ingo Struck wrote:

> Keep in mind that "as a server author" you have
> to make best efforts to safeguard the needs of
> your clients and the users thereof -- if you offer
> something they use credulously without realizing
> the negative impacts of using it you could be held
> liable for that, at least your users could accuse you
> of wanton negligence...

Received on Thursday, 19 October 2006 22:31:09 UTC