[mdx] Joe on section 2.1
Joe St Sauver
joe at oregon.uoregon.edu
Thu Sep 26 08:22:06 PDT 2013
Ian commented:
#Joe:
#
#> -- 2.1 requires ("MUST") use HTTP version 1.1 per RFC2616, but 5.1
#> urges ("RECOMMEND[S]") use of SSL/TLS at the transport layer,
#> among other possible options. Does the requirement for HTTP 1.1
#> per RFC2616 preclude SSL/TLS per RFC5246?
#
#Leif:
#
#> Good point. Suggest we reformulate to make it clear those
#> are not exclusive
#
#There was no dissent on this question as far as I can see. Personally, I
#don't understand why HTTP 1.1 should preclude TLS 1.2 per RFC5246, but
#perhaps someone can explain why they think that might be the
#implication.
#
#If it is indeed unclear, I'm open to suggestions as to how to clarify
#this?
Perhaps just add a note, "Specifying HTTP 1.1 is NOT meant to specify
use of unencrypted HTTP protocols only; whever possible, encryption of
traffic is encourage. The most recent version of TLS (currently TLS 1.2
per RFC5246) SHOULD be used.
But I'm not an English major/wordsmith, so feel free to take the intent
and write it in a way that is coherent rather than non :-)
Regards,
Joe
More information about the mdx
mailing list