- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 16 Dec 2014 09:46:58 -0800
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Feedback, structured or not, is always welcome. I didn't realize just how riddled this was with little bugs. > A client can also explicitly probe for an alternative service > advertisement by sending a request that bears little or no sensitive > information, such as one with the OPTIONS method. Likewise, clients > with existing alternative services information could make such a > request before they expire, in order minimize the delays that might > be incurred. > > Q: How is OPTIONS better than HEAD? I believe that either is fine. This is a f'rexample only. I think that we had a discussion where (and I'm going to rely on bad memory) Roy suggested OPTIONS over HEAD. OPTIONS * allows a client to learn things without perhaps revealing what resource it might be interested in. > 6.4. Confusion Regarding Request Scheme > > ... > > HTTP/1.1 MUST NOT be sent over HTTP/1.1 or earlier versions of the > protocol. Opportunistically secured HTTP requests MUST include an > explicit scheme identifier. > > Doesn't compute. Whoa, I was in a hurry, but I didn't realize it was that bad. That's awful. Here's what the next version will say. "HTTP/1.1 MUST NOT be used for opportunistically secured requests."
Received on Tuesday, 16 December 2014 17:47:25 UTC