W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

RE: LYNX-DEV two curiosities from IETF HTTP session.

From: Paul Leach <paulle@microsoft.com>
Date: Thu, 11 Dec 1997 19:27:36 -0800
Message-Id: <5CEA8663F24DD111A96100805FFE6587203845@red-msg-51.dns.microsoft.com>
To: Yaron Goland <yarong@microsoft.com>, "'jg@pa.dec.com'" <jg@pa.dec.com>
Cc: Josh Cohen <joshco@microsoft.com>, Foteos Macrides <MACRIDES@sci.wfbr.edu>, lynx-dev@sig.net, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4948

> ----------
> From: 	jg@pa.dec.com[SMTP:jg@pa.dec.com]
> Sent: 	Wednesday, December 10, 1997 4:48 PM

> I think you are confused....  In Rev-01, only an origin server is allowed
> to generate a 305 response.  It is authoritative for that resource, so
> the spoofing problems don't come up (and is the reason for that text being
> in the document...)
And exactly how can the browser tell that it was the origin server that sent
the 305? And not the untrustworthy proxy in between the client and the

I know that normally one trusts one's proxy, but since security issues are
being raised here, the question needs to be asked.

Received on Saturday, 13 December 1997 12:01:56 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:21 UTC