Hello Peter,
On 2014/10/23 11:38, Peter Saint-Andre - &yet wrote:
[ Old thread alert! ]
On 3/25/14, 12:52 AM, Yutaka OIWA wrote:
My answers to the Peter's questions:
"Y u taka O i w a"
Current HTTP allows it, and we don't need to reject that mostly.
Does the HTTPAUTH WG want to support everything that HTTP currently
supports, or is it open to restricting things a bit more?
I think the main question here would be deployability. The server is
under control of the person who decides what to allow, and clients get
eventually updated. But introducing restrictions like this might mean
upgrading *users*.
Essentially, the server operator will have to mechanically check which
user names won't work anymore in the new protocol, and then contact
these users and ask them to change their user name or tell them that
their user name was modified. Not all users might like that.
Has there been further discussion about this in the HTTPAUTH WG? I'm on
that mailing list and I haven't seen much discussion on this topic.
Me neither.
Regards, Martin.
_______________________________________________
precis mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/precis
