W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2013

Re: #461, was: p4: editorial suggestions

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 6 May 2013 16:34:12 +1000
Cc: Ken Murchison <murch@andrew.cmu.edu>, ietf-http-wg@w3.org
Message-Id: <1BEACC84-4BA0-4E23-9E08-5EE6B74F03CF@mnot.net>
To: Julian Reschke <julian.reschke@gmx.de>

On 06/05/2013, at 4:30 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
> a) For some of these, MUST may be better.

I thought you were interested in keeping changes minimal... :)

> b) It always has been MUST, why change it?

Because strictly interpreted, it can result in leaking information about resources that require authentication (among other nonsensical conditions).

> And most importantly:
> c) A conditional header field may be used to protect a potentially destructive request to change a resource that has been updated in between. Clients must be able to rely on that this protection works (and they do rely on it now), so it is a MUST fail. The also rely on a specific status code being returned in this case for diagnostics, so I believe it has to remain a "MUST fail" with this specific code.

Great; we can make it MUST NOT apply the method, as we do elsewhere in several places already, whilst making the status code to return a SHOULD.


Mark Nottingham   http://www.mnot.net/
Received on Monday, 6 May 2013 06:34:39 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:11 UTC