http-authentication-01 comments

It would be _really_ nice to have a format other than plain text,
hint, hint.  I doubt you compose this in notepad, and change bars are
extremly helpful for last-call reviews, and the previous version had
alternate formats.

Section 3.6, Proxy-Authentication and Proxy-Authorization, references
these headers as 10.30 and 10.31.  In RFC 2068 and the current
draft (-03), this is 14.33 and 14.34.  Also, it makes reference to "as
defined above in section 2.1", which does not exist.

Inconsistency:
HTTP-03 Section 14.33 says:
"Proxy-Authenticate SHOULD NOT be passed on"
AUTH-01 1.2 says:
"Both the Proxy-Authenticate and the Proxy-Authorization header fields
are hop-by-hop headers" (but HTTP-03 section 13.5.1 has no normative
requirements on existing hop-by-hop headers)
AUTH-01 3.6 says:
"...Proxy-Authenticate... must not be passed on by proxies"

The note that comprises the last paragraph of 3.6 applies to basic
also.


Richard L. Gray
will code for chocolate

Received on Friday, 27 March 1998 12:19:15 UTC