W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: more minor Digest Auth editorial comments

From: Paul Leach <paulle@microsoft.com>
Date: Thu, 29 Feb 96 11:05:13 PST
To: hallam@w3.org
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: red-16-msg960229185808MTP[01.52.00]000000b1-122387
It wasn't clear from the writeup, but <header-digest> is not 
end-to-end, it's hop-by-hop, so the general and response headers that 
get digested are those sent by the proxy, not the origin-server, so the 
proxy just needs to digest what it has mangled.

 If the proxy insists on mucking with the entity-headers, then it's 
responses cannot be authenticated by this means -- but I couldn't see 
why it would want to change any entity header.
----------
] From: http-wg-request@cuckoo.hpl.hp.com
] To: Paul Leach
] Cc:  <"john@math.nwu.edu">;  <john@math.nwu.edu>;
] <"http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com">;
] <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>;
] <"hallam@w3.org">;  <hallam@w3.org>
] Subject: Re: more minor Digest Auth editorial comments
] Date: Wednesday, February 28, 1996 10:21PM
]
]
] The proposal to incorporate a header digest is simply not practical
] without the WRAPPED method being used. There are a great many proxies
] which mangle headers very baddly :-(
]
] 	Phill
]
]
] 
Received on Thursday, 29 February 1996 11:00:41 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:47 EDT