
RE: LYNX-DEV two curiosities from IETF HTTP session.

From: Jim Gettys <jg@pa.dec.com>
Date: Wed, 10 Dec 1997 16:48:29 -0800
Message-Id: <9712110048.AA03588@pachyderm.pa.dec.com>
To: Yaron Goland <yarong@microsoft.com>
Cc: jg@pa.dec.com, Josh Cohen <joshco@microsoft.com>, Foteos Macrides <MACRIDES@sci.wfbr.edu>, lynx-dev@sig.net, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

>  From: Yaron Goland <yarong@microsoft.com>
>  Date: Wed, 10 Dec 1997 11:21:51 -0800
>  To: "'jg@pa.dec.com'" <jg@pa.dec.com>, Josh Cohen <joshco@microsoft.com>
>  Cc: Foteos Macrides <MACRIDES@SCI.WFBR.EDU>, lynx-dev@sig.net,
>          http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
>  Subject: RE: LYNX-DEV two curiosities from IETF HTTP session.
>  
>  I doubt any commercial browser will implement 305 without some very serious
>  security provided to assure that the proxy asking for the one time redirect
>  is going to get it. I would suggest that this problem needs to be dealt with
>  in the large 305/306 context, in a stand alone spec, and that the draft
>  standard for HTTP should simply state that 305 has been deprecated and
>  SHOULD NOT be implemented.
>  
>  	Yaron

I think you are confused....  In Rev-01, only an origin server is allowed
to generate a 305 response.  It is authoritative for that resource, so
the spoofing problems don't come up (and is the reason for that text being
in the document...)
				- Jim
Received on Wednesday, 10 December 1997 16:52:13 EST
