- From: Stefan Eissing <stefan.eissing@greenbytes.de>
- Date: Mon, 5 Mar 2012 11:52:57 +0100
- To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
- Cc: Willy Tarreau <w@1wt.eu>, Anne van Kesteren <annevk@opera.com>, Julian Reschke <julian.reschke@gmx.de>, URI <uri@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>, Ian Hickson <ian@hixie.ch>
Am 05.03.2012 um 11:43 schrieb Poul-Henning Kamp: > > I could understand it if the userinfo pointed to a PSK, but sending > the actual AES key as part of the request defeats any attempt at > privacy I can see ? I assume the intention is to omit the userinfo in the request, as it is done with the userinfo in the standard http scheme. It would be interesting to hear more about the intended use scenario. My gut feeling is that URIs are public by nature and like to be written down. Also, would the fragment identifier, given that a new scheme is introduced anyway, not be a better place to store information for the client? Cheers, Stefan <green/>bytes GmbH Hafenweg 16, 48155 Münster, Germany Phone: +49 251 2807760. Amtsgericht Münster: HRB5782
Received on Monday, 5 March 2012 10:53:29 UTC