Re: [rtcweb] Fwd: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt

Adam Roach <> Mon, 08 July 2013 22:06 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 22E1221F9AEF for <>; Mon, 8 Jul 2013 15:06:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, SPF_PASS=-0.001, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id tY6NIrecCuyU for <>; Mon, 8 Jul 2013 15:06:16 -0700 (PDT)
Received: from ( [IPv6:2001:470:1f03:267::2]) by (Postfix) with ESMTP id 65C6021F9CCE for <>; Mon, 8 Jul 2013 15:06:15 -0700 (PDT)
Received: from Orochi.local ( []) (authenticated bits=0) by (8.14.3/8.14.3) with ESMTP id r68M626m005520 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Mon, 8 Jul 2013 17:06:03 -0500 (CDT) (envelope-from
Message-ID: <>
Date: Mon, 08 Jul 2013 17:05:57 -0500
From: Adam Roach <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: Martin Thomson <>
References: <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Received-SPF: pass ( is authenticated by a trusted mechanism)
Cc: "" <>
Subject: Re: [rtcweb] Fwd: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 08 Jul 2013 22:06:17 -0000

On 7/8/13 16:57, Martin Thomson wrote:
> On 8 July 2013 14:50, Adam Roach <> wrote:
>> I only find one issue in my initial read through the document: why are we
>> proposing the use of HTTP POST for stateless, idempotent information
>> retrieval? The key benefit of this approach is that it doesn't actually
>> create state in the network. That's a much better fit for GET.
> That's an interesting question.  From one perspective, this is not
> idempotent, nor is it safe.  It creates a new resource: a new
> username/password pair with a defined validity.

That's like claiming that every time I hit, it creates a new 
resource, since the organization of the articles and ads changes as a 
function of time (new articles are added) and local cookies (encoding my 
section preferences). I think both are kind of a tortured interpretation 
of resource creation.

> But it's equally valid to try to pretend otherwise and use GET.  After
> all, most servers won't actually be allocating any state for these
> things.

I hope none of them do. It's kind of the main point of the whole draft.

> p.s., I was going to let this slide, but this design is not RESTful,
> no sense in pretending like it is.

I'm not sure I agree with your assessment. Which of these six 
constraints do you believe are violated?