- From: Robert Sayre <sayrer@gmail.com>
- Date: Sat, 4 Nov 2006 14:59:23 -0500
- To: "Henrik Nordstrom" <hno@squid-cache.org>
- Cc: "HTTP Working Group" <ietf-http-wg@w3.org>

On 11/4/06, Henrik Nordstrom <hno@squid-cache.org> wrote:
> Sat 2006-11-04 at 10:47 -0800, Lisa Dusseault wrote:
>
> > So I guess a decision that CLIENTS MUST support Basic and Digest in a
> > new HTTP RFC, might be signalled by a minor version bump.
>
> I too don't see why a version bump would even be remotely needed in this
> case. It's already the server who dictates which authentication
> protocols is acceptable to the server,

An HTTP/1.1 message is not a guarantee that the sender supports any authentication mechanism. Servers receiving a hypothetical HTTP/1.2 message could make that assumption.

> HTTP version numbers do have an implicit defined meaning:

They have an explicit meaning. See RFC 2145. Additionally, RFC 2616 defines the term "conditional compliance". RFC 2616 section 3 also defines the term "conditional compliance", which is not compatible with the addition of a MUST-level security mechanism.

"An HTTP client MUST NOT send a version for which it is not at least conditionally compliant."

--
Robert Sayre

Received on Saturday, 4 November 2006 19:59:34 UTC