- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 20 Jun 2012 20:15:11 +0200
- To: 'HTTP Working Group' <ietf-http-wg@w3.org>
- CC: David Morris <dwm@xpasc.com>
On 2012-06-20 20:01, David Morris wrote: > > > On Wed, 20 Jun 2012, Julian Reschke wrote: > >> On 2012-06-20 06:11, Mark Nottingham wrote: >>> > >>> How about, after those two paragraphs: >>> >>> """ >>> A server receiving credentials that are valid, but not adequate to gain >>> access, ought to respond with the 403 (Forbidden) status code. >>> """ > > Seems to me that 'ought to' should either be 'SHOULD' or 'MAY'? "MAY" isn't helping at all. "SHOULD" would make those who do not do this non-compliant. Do we want to do that? (note it would conflict with the "If the server does not wish to make this information available to the client, the status code 404 (Not Found) MAY be used instead." that we have in the definition of 403). Best regards, Julian
Received on Wednesday, 20 June 2012 18:15:48 UTC