W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

From: William A. Rowe, Jr. <wrowe@rowe-clan.net>
Date: Sun, 05 Nov 2006 00:22:06 -0600
Message-ID: <454D830E.1060700@rowe-clan.net>
To: Paul Leach <paulle@windows.microsoft.com>
CC: Robert Sayre <sayrer@gmail.com>, Henrik Nordstrom <hno@squid-cache.org>, HTTP Working Group <ietf-http-wg@w3.org>

Paul Leach wrote:
> That's because making a protocol feature mandatory-to-implement does NOT
> make it mandatory to configure. Hence, for example, one could not
> deduce, from either an HTTP/1.1 or a new HTTP/1.2 sent by a client, that
> a server can send Basic or Digest challenge and be assured that it will
> be understood by the client.

Not if they implemented an RFC 2616 client.
Received on Sunday, 5 November 2006 06:22:09 UTC

This archive was generated by hypermail 2.3.1 : Monday, 9 September 2019 17:47:10 UTC