- From: Lisa Dusseault <lisa@osafoundation.org>
- Date: Sun, 5 Nov 2006 13:23:23 -0800
- To: Henrik Nordstrom <hno@squid-cache.org>
- Cc: Robert Sayre <sayrer@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Nov 4, 2006, at 2:42 PM, Henrik Nordstrom wrote: > lör 2006-11-04 klockan 17:27 -0500 skrev Robert Sayre: >> On 11/4/06, Henrik Nordstrom <hno@squid-cache.org> wrote: >>> lör 2006-11-04 klockan 17:07 -0500 skrev Robert Sayre: >>> >>>> A new RFC can make a header mandatory for RFCNNNN compliance, >>>> but not >>>> HTTP/1.1 compliance. >>> >>> Exacly what I said. >> >> OK. Then I submit that such an RFC cannot claim to define HTTP/1.1. > > Agreed. It's at most an standards track extension to HTTP/1.1. Slight disagreement here: if RFCNNNN obsoleted RFC2616, without bumping the version number, it had better be backwards compatible -- but it is more than a standards track extension to HTTP/1.1, it becomes the new best definition of HTTP/1.1. > > Also for the record I am against that implementation of strong > authentication should be mandatory for HTTP protocol compliance. > > A requirement of implementation of a well defined strong > authentication > scheme IF authentication is implemented is fine however. That's not a bad start. The next thing to think about is to ask in what cases authentication implementation IS required. I certainly agree with those who've said that authentication isn't necessary in some uses of HTTP. Lisa
Received on Sunday, 5 November 2006 21:23:39 UTC