- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 6 May 2013 16:34:12 +1000
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Ken Murchison <murch@andrew.cmu.edu>, ietf-http-wg@w3.org
On 06/05/2013, at 4:30 PM, Julian Reschke <julian.reschke@gmx.de> wrote: > > a) For some of these, MUST may be better. I thought you were interested in keeping changes minimal... :) > b) It always has been MUST, why change it? Because strictly interpreted, it can result in leaking information about resources that require authentication (among other nonsensical conditions). > And most importantly: > > c) A conditional header field may be used to protect a potentially destructive request to change a resource that has been updated in between. Clients must be able to rely on that this protection works (and they do rely on it now), so it is a MUST fail. The also rely on a specific status code being returned in this case for diagnostics, so I believe it has to remain a "MUST fail" with this specific code. Great; we can make it MUST NOT apply the method, as we do elsewhere in several places already, whilst making the status code to return a SHOULD. Cheers, -- Mark Nottingham http://www.mnot.net/
Received on Monday, 6 May 2013 06:34:39 UTC