Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8) from Robert Sayre on 2006-11-04 (ietf-http-wg@w3.org from October to December 2006)

From: Robert Sayre <sayrer@gmail.com>
Date: Sat, 4 Nov 2006 17:07:00 -0500
To: "Henrik Nordstrom" <hno@squid-cache.org>
Cc: "HTTP Working Group" <ietf-http-wg@w3.org>
Message-ID: <68fba5c50611041407pf275e7dw4362ebc2886d7e1f@mail.gmail.com>

On 11/4/06, Henrik Nordstrom <hno@squid-cache.org> wrote:
>
> Making the use of a new header mandatory does not require a new protocol
> version, just a new standard strack RFC defining the header as
> mandatory.

Which part of RFC 2145 or RFC 2616 supports this assertion? I think
they both contradict it.

A new RFC can make a header mandatory for RFCNNNN compliance, but not
HTTP/1.1 compliance.

-- 

Robert Sayre

Received on Saturday, 4 November 2006 22:07:08 UTC