- From: Yves Lafon <ylafon@w3.org>
- Date: Tue, 14 Oct 2008 10:37:08 -0400 (EDT)
- To: Brian Smith <brian@briansmith.org>
- cc: 'Stefanos Harhalakis' <v13@v13.gr>, 'Julian Reschke' <julian.reschke@gmx.de>, ietf-http-wg@w3.org
On Mon, 13 Oct 2008, Brian Smith wrote:
> Yves Lafon wrote:
>> On Sun, 12 Oct 2008, Stefanos Harhalakis wrote:
>> In the same vein, refusing overlapping range request that
>> would be bigger than exporting the whole document (and
>> serving the document instead) seems to be a sane
>> implementation choice, but the spec shouldn't cover all
>> those corner cases, IMHO.
>
> I agree that the specification doesn't need to be ammended to allow the
> server to refuse these requests since the server can already refuse them.
> However, it should be mentioned in the security considerations.
Agreed. and it's the case for all known security issues.
--
Baroula que barouleras, au tiéu toujou t'entourneras.
~~Yves
Received on Tuesday, 14 October 2008 14:37:24 UTC