- From: Carsten Bormann <cabo@tzi.org>
- Date: Sat, 17 Jul 2021 11:50:29 +0200
- To: Asbjørn Ulsberg <asbjorn@ulsberg.no>
- Cc: David Benjamin <davidben@chromium.org>, Mike Bishop <mbishop@evequefou.be>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 2021-07-16, at 22:43, Asbjørn Ulsberg <asbjorn@ulsberg.no> wrote: > > To > accommodate these use cases, an I-D for a safe method with body has > been initiated: > > https://datatracker.ietf.org/doc/draft-ietf-httpbis-safe-method-w-body/ > > With such a method in the implementer's toolbox, I'm pretty certain a > MUST NOT requirement would be easy to swallow. Indeed. > However, since the I-D > is still far from completion and there are no standardized > alternatives to GET with body, a more elaborate explanation of > potential security and privacy risks and stronger language with the > current SHOULD NOT requirement seems appropriate. https://datatracker.ietf.org/wg/httpbis/about/ doesn’t indicate anything about the trajectory the SEARCH draft mentioned above is in, so I’m speaking from the experience of having done a similar thing in RFC 8132 (there, the same method is called FETCH): It should not be long (6 months? Surely < 12 months?) until that document is published, while the referencing documents are probably intended to be good for a decade or so. So the perspective here should be that it’s done. Grüße, Carsten
Received on Saturday, 17 July 2021 09:51:15 UTC