- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 29 Jan 2015 23:26:01 +0100
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
On 2014-12-16 18:46, Martin Thomson wrote: > Feedback, structured or not, is always welcome. > > I didn't realize just how riddled this was with little bugs. > >> A client can also explicitly probe for an alternative service >> advertisement by sending a request that bears little or no sensitive >> information, such as one with the OPTIONS method. Likewise, clients >> with existing alternative services information could make such a >> request before they expire, in order minimize the delays that might >> be incurred. >> >> Q: How is OPTIONS better than HEAD? > > I believe that either is fine. This is a f'rexample only. I think > that we had a discussion where (and I'm going to rely on bad memory) > Roy suggested OPTIONS over HEAD. OPTIONS * allows a client to learn > things without perhaps revealing what resource it might be interested > in. > >> 6.4. Confusion Regarding Request Scheme >> >> ... >> >> HTTP/1.1 MUST NOT be sent over HTTP/1.1 or earlier versions of the >> protocol. Opportunistically secured HTTP requests MUST include an >> explicit scheme identifier. >> >> Doesn't compute. > > Whoa, I was in a hurry, but I didn't realize it was that bad. That's > awful. Here's what the next version will say. > > "HTTP/1.1 MUST NOT be used for opportunistically secured requests." I stumbled upon this today again, so I took he freedom to fix it myself (along with some typos): <https://github.com/httpwg/http-extensions/commit/7018bfe3f97b38c94c3502c2f3b82b10290b87d6> Best regards, Julian
Received on Thursday, 29 January 2015 22:26:43 UTC