- From: Larry Masinter <masinter@gmail.com>
- Date: Fri, 19 Jan 2007 11:05:46 -0800
- To: <ietf-http-wg@w3.org>
In my opinion: * The current spec is ambiguous, and needs clarification * Although, in general, it is not appropriate to 'tighten' a specs requirements, in some cases (and in this case) it is the right choice: There are few clients that send LWS between header name and :. There are already many servers that reject such requests. So, in my opinion, we should change the spec that clients MUST NOT send LWS in headers before the :, and that servers MUST reject any such message as malformed. This may make a few servers that were previously compliant non-compliant, but in general it will improve interoperability and security.
Received on Friday, 19 January 2007 19:06:01 UTC