Re: Minutes of Hypertext Transfer protocol BOF at 31st IETF

On Tue, 20 Dec 1994, Dave Raggett wrote:
> Brian Behlendorf discussed the need for user authentication and realms. He
> wants to be able to distinguish accesses to a given machine according to the
> alias used for the host name, and advocates using the full URL in the GET
> request.

Just to correct history - I brought up as issues (since I didn't see them
addressed directly as issues to be considered for 1.1 or -NG) that

1) We have some way to allow servers to express "your password is not 
only good here, but at these other servers/directories, so give it a try 
automatically when you go there".  There were a few bits of email here 
about it a few weeks ago but I just didn't want it to go unnoticed as I 
and others consider it important, even as we ditch basic authentication 
and go towards MD5 signatures or whatever.

2) Having the GET request be changed to the full URL would be horribly
non-backwards-compatible :) I suggested adding a header in the client
request so foo.com, when CNAME'd by bar.com, knows to return bar.com's
home page rather than foo.com's.  Yes, vanity domain names are a scourge
on the net and all that, but the alternative is to burn up IP numbers for
the same effect.  Something like

Request-URI: http://bar.com/ or
Host-requested: bar.com

I don't know of a slick warm fuzzy solution short of a new header.

	Brian

Received on Tuesday, 20 December 1994 05:00:49 UTC
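
The header-based dispatch proposed in point 2, as an added example that is not part of the original message: a server answering for both foo.com and bar.com picks the home page from the `Host-requested` or `Request-URI` header sketched above, and treats the value as untrusted input by using it only as a lookup key into a fixed table. The site table, the default site and the function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed site table: both names point at the same machine.
SITES = {"foo.com": "foo.com home page", "bar.com": "bar.com home page"}
DEFAULT_SITE = "foo.com"  # assumed canonical name of the machine


def parse_request(raw: bytes):
    """Split a raw request into (method, path, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, path = lines[0].split(" ")[:2]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, path, headers


def requested_host(headers):
    """Host name the client asked for, normalized, or None if not sent."""
    if "host-requested" in headers:
        host = headers["host-requested"].partition(":")[0]  # drop any port
    elif "request-uri" in headers:
        host = urlsplit(headers["request-uri"]).hostname or ""
    else:
        return None  # older client that sends neither header
    return host.rstrip(".").lower() or None


def select_site(raw: bytes):
    """Return (site name, page) for a request.

    The client-supplied name is never echoed back: unknown or missing
    names fall back to the default site, so old clients keep working.
    """
    _, _, headers = parse_request(raw)
    host = requested_host(headers)
    site = host if host in SITES else DEFAULT_SITE
    return site, SITES[site]


if __name__ == "__main__":
    # Constructed sample request using the header from the message.
    sample = b"GET / HTTP/1.0\r\nHost-requested: bar.com\r\n\r\n"
    print(select_site(sample))
```
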