Tim Bray wrote:
Having read the eight follow-ups, I'm really unconvinced. I'm pretty sure that if I were malicious and wanted to DOS some Atom implementation, there are easier ways than what you propose. And
It's not about DOSing an Atom implementation. It's about exploiting any HTTP server with an insecure POST handler through an Atom client. Using POST for PaceServiceError is completely irresponsible.
> inventing new HTTP verbs is really questionable.
That's the subtext of all the arguments for POST, I think. Unfortunately, it's not really backed by anything other than religion. It's also humorous to me that most of the people who feel that way have no problem with inventing new verbs by extending HTTP with custom headers.
Robert Sayre
