- From: Mark Baker <distobj@acm.org>
- Date: Thu, 4 Dec 2003 13:28:14 -0500
- To: Tim Bray <tbray@textuality.com>
- Cc: "'www-tag @ w3. org'" <www-tag@w3.org>
Nice. You might also want to reference RFC 2817 as an example of the negotiated approach. On Thu, Dec 04, 2003 at 09:37:30AM -0800, Tim Bray wrote: > > We nuked this due to under-cookedness. I'm sympathetic to Ian's point, > so I've shaken & stirred the existing language slightly; I understand > the date is very late, but if lots of TAG members write back and say > "yes" maybe it could squeeze in: > > =============================================================== > > The "https" scheme [RFC2818] is an example of a URI scheme that, though > commonly implemented by agents, is problematic; it does not differ from > "http" except that it indicates that agents should expect to use HTTP > over TLS when dereferencing these URIs. However, HTTP agents can > negotiate a secure exchange whatever the URI scheme, so the scheme did > not provide missing functionality. Changes in the security policy for > a resource identified by an "https" URI may require publication of a > new non-https URI. Security policy management can be managed without > requiring URIs to change; see the section on URI persistence for more > information. -- Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca
Received on Thursday, 4 December 2003 13:25:11 UTC