W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

RE: LYNX-DEV two curiosities from IETF HTTP session.

From: Josh Cohen <joshco@microsoft.com>
Date: Wed, 10 Dec 1997 00:30:18 -0800
Message-Id: <21FD6499922DD111A4F600805FCCD6F2BC34D2@red-86-msg.dns.microsoft.com>
To: 'Foteos Macrides' <MACRIDES@sci.wfbr.edu>, lynx-dev@sig.net
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4878

> -----Original Message-----
> From:	Foteos Macrides [SMTP:MACRIDES@SCI.WFBR.EDU]
> Sent:	Tuesday, December 09, 1997 7:02 AM
> To:	lynx-dev@sig.net
> Cc:	http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> Subject:	Re: LYNX-DEV two curiosities from IETF HTTP session.
> Al Gilman <asgilman@access.digex.net> wrote:
> >Two issues came up in today's session of the HTTP 1.1 WG that
> >left me curious.  Not that any major decisions hang on the
> >answers, but:
> >
> >Lynx came up when the fellow from MicroSoft quipped regarding the
> >305 proxy redirection message "Lynx has implemented it."
> >
> >Later it appeared he meant to be humorous, as it was left as an
> >open question.
> >
> >The Conventional Wisdom in the meeting is that 305 is broken and
> >306 didn't fix it.  The group is headed in the direction that
> >this function will not be present in the "Draft Standard" version
> >of 1.1.
> >
> >Going, going...
	[Joshua Cohen]  
	Well, I guess its time for me to fess up.
	Im the guy who "quipped".  Im also the guy who wrote the 305/306
draft to specify 
	the 305 and 306 so that they are usable.
	Unfortunately, we simply couldnt resolve the security implications
in time
	and leaving them in the http/1.1 draft puts the entire protocol at
risk from
	a process point of view.
	Before anyone jumps at dont put process over function, if we had a
	resolution, Id be pushing for it in the core protocol.  We dont, and
	we do, it needs to wait..
> 	The specs for 305 in the most current HTTP/1.1 draft in
> effect describe Lynx's implementation, years ago, but not
> completely.  Lynx's implementation:
	[Joshua Cohen]  [--snipped--] 
> 	If 306 is revised, it would be better to treat that as
> a new status, not a revision of 305, and have 306 based on only a
> Set-Proxy: header, with no Location header.  Browsers which do not
> implement it thus will treat it as 300, and should show the body
> by virtue of no Location header being present.
> 	Whether or not the "guys at MicroSoft" as yet grasp the
> occassional uses to which 304, 305, and 307 might be put, they
> nonetheless can be useful ocassionally (that statement was intended
> to be humorous &#1;).  But 306 does need more work before it's
> intended uses can be achieved.
	[Joshua Cohen]  This "guy at microsoft" gets it, and I beleive
	that most of my colleagues do as well.   As I said earlier, the
	305-306 draft (which was supposed to roll into http/1.1)
	was my doing. 

	Please dont ascribe any higher meaning to the fact that
	a "microsoft" guy spoke about temporarily holding
	305/306 from the http/1.1 draft.  Im still enthusiastic
	about the 305/306 functionality but until
	we can resolve the very real security implications
	it is prudent to withold it from the draft..

	Josh Cohen <joshco@microsoft.com>
Received on Wednesday, 10 December 1997 00:14:10 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:21 UTC