From: Julian Reschke [mailto:julian(_dot_)reschke(_at_)gmx(_dot_)de]
Sent: Monday, January 30, 2012 10:10 AM
To: Stephen Hanna
Cc: Mark Nottingham;
Subject: Re: secdir review of draft-nottingham-http-new-status-03
On 2012-01-30 16:05, Stephen Hanna wrote:
I don't want to rehash the discussion that we've already had.
Clearly, you prefer brevity while I would prefer education in
I can live with your text for status codes 428, 429, and 431. For
511, I don't think it's adequate to just say that big security
issues already exist. You should at least give some suggestions
for how to deal with them. For example, you could point out that
most user agents include some indication of whether the server
has been authenticated. For captive portals, this indication will
generally not be displayed so the user receives some warning
that the response did not come from the requested URL.
Are you referring to HTTPS?
Best regards, Julian
Ietf mailing list