[This write-up replaces the one sued when the draft came forward on the IETF stream]
Overall, this document seems complete and interoperably implementable.
Here I take "interoperably" in the limited sense that the server will
clearly understand what the client is asking; the document correctly
describes the semantic ambiguities as to how to interpret the request,
which will be inherent in any such feature. Assuming there are HTTP
servers that wish to allow clients to request "safe" content and clients
that will send such requests, this document will have benefit to the
Internet community by providing a common implementation target.
For the authors:
- The Implementation Status section is useful, but the links are likely to
become stale over time. It would be useful to summarize the content of the
linked pages as of this writing.
- I disagree with the author's conclusion that "Prefer: safe" should not be
used over non-secure HTTP. As much as I love to discourage use of
non-secure HTTP, this preference value could provide some incremental
utility there. Security fixes get backported :)