W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

From: Wilfredo Sánchez Vega <wsanchez@wsanchez.net>
Date: Thu, 19 Oct 2006 15:16:32 -0700
Message-Id: <E4C66BFF-4434-4D10-9D31-FAFC7A43DC60@wsanchez.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
To: lists@ingostruck.de

   Which is why I wouldn't think it wise to enable an unsafe  
configuration by default or to encourage such a thing.  But this is  
ultimately the call of the server administrator, and if they wish to  
configure the server to allow plain text over the wire, it's up to  
them, not me.


On Oct 19, 2006, at 3:30 PM, Ingo Struck wrote:

> Keep in mind that "as a server author" you have
> to make best efforts to safeguard the needs of
> your clients and the users thereof -- if you offer
> something they use credulously without realizing
> the negative impacts of using it you could be held
> liable for that, at least your users could accuse you
> of wanton negligence...
Received on Thursday, 19 October 2006 22:31:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:28 UTC