All I want is a note under SECURITY CONSIDERATIONS in the HTTP
spec to make sure implementors are aware of the consequences
of naive implementations.
No changes to any other specs, protocols, etc.
The URI specs are not very clear on these issues, but updating
them doesn't seem urgent. I'm interested in building a test
suite to nail down the issues. See:
http://www.w3.org/pub/WWW/Test/
If somebody's planning to do an update of the specs on these
issues, then it's important to get the semantics down.
Otherwise, all this discussion is just generating heat.
Dan