Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

On 11/4/06, Paul Leach <> wrote:
> Which is pretty silly given that proprietary Web server applications
> exist only as deployed--there is no separate "implementation".
> [Paul Leach] I don't understand the above sentence.

Increasingly, software is written expressly for one website, not
distributed through traditional commercial software channels such as
CD-ROMs or pre-installed on new computers. This style of deployment
has a lot of advantages, and the implement/configure distinction is
meaningless. There is only one copy.

At any rate, I believe other messages have established that the
meaning of the HTTP version number field is pretty clear. I think the
list should revisit this topic when everyone is prepared to accept the
requirements of RFC 2616 and RFC 2145. Is there something unclear
about "conditional conformance"?


Robert Sayre

Received on Sunday, 5 November 2006 04:20:00 UTC