- From: <bugzilla@soe.ucsc.edu>
- Date: Sun, 4 Dec 2005 01:13:19 -0800
- To: w3c-dist-auth@w3.org
http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=11 julian.reschke@greenbytes.de changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|julian.reschke@greenbytes.de|lisa@osafoundation.org Status|ASSIGNED |NEW ------- Additional Comments From julian.reschke@greenbytes.de 2005-12-04 01:13 ------- We discussed this during the conference call: 5xx is a server error, in particular 503 means "not now but maybe later". If a server detects a DOS attack, that's the last thing it would want to tell the client. Servers are free to do whatever they want should they detect a DOS attack. If they want to be friendly, a 4xx with explanation would be right. Please alo note that the current draft is missing one of the changes I made, namely (at the end of Section 8.1.1): "Note that processing XML submitted by an untrusted source may cause risks connected to privacy, security, and service quality (see Section 19). Servers MAY reject questionable requests (even though they consist of well-formed XML), for instance with a 400 (Bad Request) status code and an optional response body explaining the problem." (<http://greenbytes.de/tech/webdav/draft-reschke-webdav-rfc2518bis-latest.html#rfc.section.8.1.1>) ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact.
Received on Sunday, 4 December 2005 09:13:34 UTC