- From: Reto Bachmann-Gmür <reto@gmuer.ch>
- Date: Wed, 28 Jul 2010 11:16:14 +0200
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Alexey Melnikov <alexey.melnikov@isode.com>, Mark Baker <mark@zepheira.com>, "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>

On Wed, Jul 28, 2010 at 10:30 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 28.07.2010 10:21, Alexey Melnikov wrote:
>>
>> ...
>> Either this, or clarify that the userinfo part is not allowed in HTTP
>> (but maybe used in other contexts).
>> It would probably be safer to prohibit userinfo use on the wire.
>> ...
>
> On the wire it would be in a different place anyway, right?
>
> As far as I understand, this is really about the URI syntax only...

It might be transferred over the wire in hypertext links, where it is clearly problematic.

I am however wondering if for https the userinfo section could be used to encode/hash the public key of the linked party allowing additional security or trust in "self-signed" certificates (by a p2p chain of trust). This would integrate Tyler Close's httpsy[1] idea into https.

Cheers,
reto

1. http://www.waterken.com/dev/YURL/httpsy/

Received on Wednesday, 28 July 2010 09:16:48 UTC
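
An added illustration, not part of the original message or of httpsy: one way a client could check a key hash carried in the userinfo of an https link against the key the server presents. The encoding (SHA-256, base32, lowercase, unpadded), the function names and the sample key bytes are all assumptions of this example; the thread does not specify any format.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed stand-ins for the DER-encoded public keys of two servers.
KEY_A = b"constructed-sample-public-key-A"
KEY_B = b"constructed-sample-public-key-B"


def key_fingerprint(public_key_der: bytes) -> str:
    """Hypothetical pin format: SHA-256 of the key, base32, lowercase, unpadded."""
    digest = hashlib.sha256(public_key_der).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def pinned_link(host: str, path: str, public_key_der: bytes) -> str:
    """Build a link whose userinfo part carries the fingerprint of the target's key."""
    return f"https://{key_fingerprint(public_key_der)}@{host}{path}"


def check_pin(url: str, presented_key_der: bytes) -> bool:
    """Return True only if the key presented by the server matches the pin in the link.

    Raises ValueError when the link cannot be treated as a pinned link at all,
    so a caller never confuses "no pin" with "pin verified".
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("pin is only defined for https links in this sketch")
    if parts.password is not None:
        raise ValueError("user:password userinfo is not a key pin")
    if not parts.username:
        raise ValueError("link carries no userinfo pin")
    expected = key_fingerprint(presented_key_der)
    # Constant-time comparison; the pin is case-insensitive base32 text.
    return hmac.compare_digest(parts.username.lower().encode(), expected.encode())


if __name__ == "__main__":
    link = pinned_link("example.org", "/doc", KEY_A)
    print(link)
    print("same key:     ", check_pin(link, KEY_A))
    print("different key:", check_pin(link, KEY_B))
```
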