W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1997

Re: ISSUE PROXY-AUTHORIZATION: Proposal wording

From: Koen Holtman <koen@win.tue.nl>
Date: Wed, 9 Jul 1997 20:40:32 +0200 (MET DST)
Message-Id: <199707091840.UAA04522@wsooti08.win.tue.nl>
To: Henrik Frystyk Nielsen <frystyk@w3.org>
Cc: dmk@bell-labs.com, koen@win.tue.nl, dwm@xpasc.com, http-wg@cuckoo.hpl.hp.com
Henrik Frystyk Nielsen:
>

>The trust may be based on some out-of-band agreement which is of no concern
>to HTTP as such. 

Yes.

>The only thing that HTTP cares about is that all HTTP
>messages in and out of the proxy are compliant with the protocol.

No.  HTTP/1.1 goes to greath lengths to define the relation between
the messages in and out of a proxy, and it does this so that people can
come together and say `we now trust each other to use a plain HTTP/1.1
proxy without any extensions'.

Throwing out all the MUSTs about the relation between the proxy input
and output would make the spec useless as a device for trust
management in this area.

HTTP/1.1 can only stop caring when nobody uses it to describe trust
relations anymore.

>What about simply saying that
>
>   The WWW-Authenticate and Authorization header fields are end-to-end
>headers 
>   following the rules found in section 14.8 and 14.46. Both the Proxy-
>   Authenticate and the Proxy-Authorization header fields are hop-by-hop
>   headers (see section 13.5.1).
>
>instead of
>
>   Proxies MUST be completely transparent regarding user agent authentication 
>   by origin servers. That is, they MUST forward the WWW-Authenticate and 
>   Authorization headers untouched, and follow the rules found in section
>14.8. 
>   Both the Proxy-Authenticate and the Proxy-Authorization header fields are 
>   hop-by-hop headers (see section 13.5.1).

No. Throwing out the MUST would make the spec less useful.  

Leaving it in does no harm; it does not block protocol extensions
which violate the MUST.

>Henrik

Koen.
Received on Wednesday, 9 July 1997 11:43:03 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:46 EDT