Dear all,
Although TAPIR is layered on top of HTTP, the existing documents (including the spec) don't mention anything about HTTP versions.
I was recently asked about this because it seems that providers that are installed on HTTP/1.1 servers are starting to reject HTTP/1.0 requests, probably for security reasons.
I think we should be more explicit in the specification about the minimum HTTP version compatible with TAPIR. In this case HTTP/1.0 (the previous version didn't even have the POST method).
This means that a TAPIR provider can potentially be installed on an HTTP/1.0 or 1.1 server. In both cases, technically there should be no problem to process requests in either HTTP/1.0 or 1.1 (1.0 servers will simply ignore 1.1 extensions, and 1.1 servers are "expected" to be able to easily handle requests in previous versions, as noted in the HTTP/1.1 RFC).
Anyway, considering the fact that HTTP/1.1 servers are starting to deny 1.0 requests, I could add a recommendation for TAPIR clients to always send requests in HTTP/1.1. This would not be a "protocol rule", just a pragmatic recommendation, so I would probably add this in the TAPIR network builders' guide instead of the spec.
Please let me know if you have any ideas or suggestions in this respect.
Best Regards, -- Renato