W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Proposal for new HTTP 1.1 authentication scheme

From: Dave Kristol <dmk@bell-labs.com>
Date: Tue, 09 Dec 1997 20:50:06 -0500
Message-Id: <348DF54E.FC604986@bell-labs.com>
To: Paul Leach <paulle@microsoft.com>
Cc: John Franks <john@math.nwu.edu>, Jim Gettys <jg@pa.dec.com>, Eric_Houston/CAM/Lotus@lotus.com, Scott Lawrence <lawrence@agranat.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Paul Leach wrote:

> There are two ways to fix the problem --
> 1. Say that origin servers can't omit the headers
> 2. Say that proxies can't add them when using Message Disgest.
> 
> I don't know which is best. For Date, at least, it seems silly to omit it.

I think we're looking at the problem from different directions.  A
*sender* produces an entity-digest.  I look at the problem from the
perspective of an origin server *receiving* the entity-digest.  In this
case the sender is a client (user-agent), possibly doing a PUT or POST. 
Clients seldom send Date.  Proxies could (conceivably) add them.

I like Benjamin Franz's suggestion of a fixed date that means "this is
not a date" as a placeholder.

Content-length is another matter.  If the client sends the entity with
chunked encoding, it probably does not know the content length, although
it may calculate an entity-digest on the fly (and add it as a
trailer?).  But the proxy may coalesce the entity and add a
Content-length header.  Now what?  The entity-digest as calculated by
the two parties will be different because of the Content-length.

Dave Kristol
Received on Tuesday, 9 December 1997 17:33:40 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:04 EDT