- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Sun, 1 Feb 2004 23:16:14 -0800
- To: "Kai Schaetzl" <maillists@conactive.com>
- Cc: uri@w3.org
> http://www.iana.org/assignments/uri-schemes says 2616 is relevant for > http > URIs and not 1738 anymore > 2616 refers to 2396 for http URIs Only for the syntax constructs. The syntax for the http scheme is defined in 2616 and does not allow userinfo. > Well, is it a valid http URI or not? Why is there so much confusion in > the > documents? Could you please add a definitive statement on userinfo in > 2396bis and either add it explicitely to the BNF syntax or clearly > state > it's invalid? 2396 defines the generic syntax for all schemes, some of which include userinfo as a valid option. It is not appropriate for it to say anything more than it already does, which is basically that it is not recommended for any scheme. Getting implementers to understand that passive user security is more important than backwards compatibility has proven to be difficult. The spec has to draw a fine line between describing how existing systems work and how they should work, particularly when the software is revised faster than the specifications. ....Roy
Received on Monday, 2 February 2004 02:15:56 UTC