W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

RE: LYNX-DEV two curiosities from IETF HTTP session.

From: Paul Leach <paulle@microsoft.com>
Date: Thu, 11 Dec 1997 19:27:36 -0800
Message-Id: <5CEA8663F24DD111A96100805FFE6587203845@red-msg-51.dns.microsoft.com>
To: Yaron Goland <yarong@microsoft.com>, "'jg@pa.dec.com'" <jg@pa.dec.com>
Cc: Josh Cohen <joshco@microsoft.com>, Foteos Macrides <MACRIDES@sci.wfbr.edu>, lynx-dev@sig.net, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com


> ----------
> From: 	jg@pa.dec.com[SMTP:jg@pa.dec.com]
> Sent: 	Wednesday, December 10, 1997 4:48 PM
> 
<snip>

> I think you are confused....  In Rev-01, only an origin server is allowed
> to generate a 305 response.  It is authoritative for that resource, so
> the spoofing problems don't come up (and is the reason for that text being
> in the document...)
> 
And exactly how can the browser tell that it was the origin server that sent
the 305? And not the untrustworthy proxy in between the client and the
server?

I know that normally one trusts one's proxy, but since security issues are
being raised here, the question needs to be asked.

Paul
Received on Saturday, 13 December 1997 12:01:56 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:05 EDT