Re: -encryption draft -01

On 2014-12-16 18:46, Martin Thomson wrote:
> Feedback, structured or not, is always welcome.
> I didn't realize just how riddled this was with little bugs.
>>     A client can also explicitly probe for an alternative service
>>     advertisement by sending a request that bears little or no sensitive
>>     information, such as one with the OPTIONS method.  Likewise, clients
>>     with existing alternative services information could make such a
>>     request before they expire, in order minimize the delays that might
>>     be incurred.
>> Q: How is OPTIONS better than HEAD?
> I believe that either is fine.  This is a f'rexample only.  I think
> that we had a discussion where (and I'm going to rely on bad memory)
> Roy suggested OPTIONS over HEAD.  OPTIONS * allows a client to learn
> things without perhaps revealing what resource it might be interested
> in.
>> 6.4. Confusion Regarding Request Scheme
>>     ...
>>     HTTP/1.1 MUST NOT be sent over HTTP/1.1 or earlier versions of the
>>     protocol.  Opportunistically secured HTTP requests MUST include an
>>     explicit scheme identifier.
>> Doesn't compute.
> Whoa, I was in a hurry, but I didn't realize it was that bad.  That's
> awful.  Here's what the next version will say.
> "HTTP/1.1 MUST NOT be used for opportunistically secured requests."

I stumbled upon this today again, so I took he freedom to fix it myself 
(along with some typos): 

Best regards, Julian

Received on Thursday, 29 January 2015 22:26:43 UTC