W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

RE: more on digest (was: Unidentified subject!)

From: John Franks <john@math.nwu.edu>
Date: Wed, 17 Dec 1997 21:01:50 -0600 (CST)
To: Paul Leach <paulle@microsoft.com>
Cc: "'Roy T. Fielding'" <fielding@kiwi.ics.uci.edu>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.LNX.3.95.971217210006.9081A-100000@hopf.math.nwu.edu>
On Wed, 17 Dec 1997, Paul Leach wrote:

> Does it (Apache proxy) canonicalize any other headers? If the incoming Date,
> L-M, and Expires are already canonical, does the exact string value change
> (spaces inserted, e.g.)?
> 


I remain convinced that the problem lies not with the digest
authentication but with proxy behavior.  However, it does seem that
the problems we have involving a conflicting behavior of the two could
be fixed by some modest changes in digest.

First an assumption: the problem lies with responses, not requests
(correct me if this is wrong).  I.e. proxies don't change the Date
header and won't change L-M or expires if any such ever exists 
in a request.

If this is the case then adding a field to the Authentication-Info
header could solve the problem by duplicating the headers which
a proxy might change.  I have in mind something like

   dheaders = "date:content_len:L-M-date:expires"

John Mallery points out that it would be good to have the response
status code digested as well.  If it is included here that becomes
possible (which it wasn't before since proxies change it from
say 304 to 200).  This header would also eliminate problems of 
proxies canonicalizing headers.

An extra header (and not a short one) does add to overhead, but it
eliminates a lot of headaches here.

John Franks
Received on Wednesday, 17 December 1997 19:06:26 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:05 EDT