- From: Paul Leach <paulle@windows.microsoft.com>
- Date: Sat, 4 Nov 2006 20:10:09 -0800
- To: Robert Sayre <sayrer@gmail.com>
- CC: Henrik Nordstrom <hno@squid-cache.org>, HTTP Working Group <ietf-http-wg@w3.org>
-----Original Message----- From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Robert Sayre On 11/4/06, Paul Leach <paulle@windows.microsoft.com> wrote: > It's what those words mean. > With no malice, I don't think you have good understanding of how the IESG interprets "mandatory-to-implement". [Paul Leach] I believe I do. I've been through this a couple times before with other RFCs. Let's say Basic becomes[Paul Leach] mandatory-to-implement. That means FooCorp could not distribute a FooCorp-branded client that has no way to be configured for Basic authentication and claim HTTP conformance. [Paul Leach] That's correct. But it can be compliant and be _configured_ to _not_ use Basic, as long as it can also be configured _to_ use Basic -- i.e., as long as it implements Basic. That's the difference between MUST and a "mandatory-to-implement" option. Which is pretty silly given that proprietary Web server applications exist only as deployed--there is no separate "implementation". [Paul Leach] I don't understand the above sentence.
Received on Sunday, 5 November 2006 04:10:56 UTC