Re: Op-sec simplification

On 2 November 2016 at 04:33, Mike Bishop <> wrote:
> I think the case for TBD2 is that the client sent an "ambiguous" request -- that is, connecting over port 443 and not specifying http:// or https://, but just sending e.g. GET /resource.

I think my rationale could be restated more simply as: "there is
always a scheme, just that HTTP/1.1 requires that it be implicit".

BTW, Kari's example of an opportunistic-only server can be handled by 421.

Received on Wednesday, 2 November 2016 00:54:43 UTC