- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 05 Mar 2012 12:02:19 +0100
- To: Stefan Eissing <stefan.eissing@greenbytes.de>
- CC: Poul-Henning Kamp <phk@phk.freebsd.dk>, Willy Tarreau <w@1wt.eu>, Anne van Kesteren <annevk@opera.com>, URI <uri@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>, Ian Hickson <ian@hixie.ch>
On 2012-03-05 11:52, Stefan Eissing wrote: > > Am 05.03.2012 um 11:43 schrieb Poul-Henning Kamp: >> >> I could understand it if the userinfo pointed to a PSK, but sending >> the actual AES key as part of the request defeats any attempt at >> privacy I can see ? > > > I assume the intention is to omit the userinfo in the request, as > it is done with the userinfo in the standard http scheme. > > It would be interesting to hear more about the intended use scenario. > My gut feeling is that URIs are public by nature and like to be written > down. > > Also, would the fragment identifier, given that a new scheme is introduced > anyway, not be a better place to store information for the client? > ... -1; fragment identifier semantics depends on media type, not protocol... But yes, it's not entirely clear why this needs to be in the URI.
Received on Monday, 5 March 2012 11:02:57 UTC