W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Re: Non editorial comments...

From: Larry Masinter <masinter@parc.xerox.com>
Date: Tue, 28 May 1996 20:43:03 PDT
To: pjc@trusted.com
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <96May28.204304pdt.2733@golden.parc.xerox.com>
> With a persistant connection, BASIC auth can and is being used with
> challenge response and one time tokens to provide strong authentication.
> This is being used with persistant proxy connections to auth the client
> to the proxy.

Peter,

This sounds like a buggy implementation of persistent connections. You
might be able to use BASIC with cookies to get challenge reponse, but
there is (or at least should be) no guarantee that the second request
on a persistent connection has any client relationship to any prior
request; among other things, this allows persistent connections
between proxies and origin servers where the proxies are serving
multiple clients.

> I have seen the problem with clients and servers starting to support 
> persistant connections and the use of proxies (http-gw from the firewall
> toolkit) that don't understand this. We recently have provided a patch to 
> remove various headers to fix this..

This sounds like your "patch" is actually causing erroneous behavior
based on a misunderstanding of the protocol design.

Perhaps I misunderstood what you were saying.

- Larry
Received on Tuesday, 28 May 1996 20:47:37 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:00 EDT