Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8) from Henrik Nordstrom on 2006-11-04 (ietf-http-wg@w3.org from October to December 2006)

From: Henrik Nordstrom <hno@squid-cache.org>
Date: Sat, 04 Nov 2006 23:42:50 +0100
To: Robert Sayre <sayrer@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <1162680170.11880.274.camel@henriknordstrom.net>

lör 2006-11-04 klockan 17:27 -0500 skrev Robert Sayre:
> On 11/4/06, Henrik Nordstrom <hno@squid-cache.org> wrote:
> > lör 2006-11-04 klockan 17:07 -0500 skrev Robert Sayre:
> >
> > > A new RFC can make a header mandatory for RFCNNNN compliance, but not
> > > HTTP/1.1 compliance.
> >
> > Exacly what I said.
> 
> OK. Then I submit that such an RFC cannot claim to define HTTP/1.1.

Agreed. It's at most an standards track extension to HTTP/1.1.

Also for the record I am against that implementation of strong
authentication should be mandatory for HTTP protocol compliance.

A requirement of implementation of a well defined strong authentication
scheme IF authentication is implemented is fine however.

Regards
Henrik

Received on Saturday, 4 November 2006 22:43:06 UTC