- From: Dave Kristol <dmk@research.bell-labs.com>
- Date: Fri, 5 Dec 97 12:33:30 EST
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
I'll bring my usual set of nitpicking editorial comments to the IETF meeting for personal delivery. Meanwhile, here are some substantive ones.

1) Sect 1.2

    [Proxies] MUST forward the WWW-Authenticate and Authorization headers untouched....

I would like MUST to be SHOULD. I've brought this up once before. There may be services (LPWA, lpwa.com, is one such) whose legitimate purpose is to provide authentication services for a user, such as replacing special character sequences in Authorization with a user's computed identity. The proxy ought to be able to do so without being considered non-compliant.

2) Sect 3.2.1, under "nonce"

    ... is the dotted quad IP address ...

How to handle IPv6 addresses?

3) Sect 3.2.2, syntax

should be

    entity-digest = <"> ... ^

The "date" attribute description bears no mention here of what date we're talking about. I inferred from text much further on that it's supposed to mirror the Date header of the request/response.

4) Sect 3.2.2, semantics

Consider sender -> proxy -> receiver. The entity-digest incorporates information from headers from the sender. Consider, for example, Date and Content-Length. A proxy could add Date if one were missing. A proxy could add a Content-Length after gobbling up something that the sender sent "chunked". The receiver wouldn't know that the proxy had added those headers. It would use the added headers in its calculation of entity-digest and derive a different value from what the sender calculated.

Dave Kristol
Received on Friday, 5 December 1997 09:37:19 UTC
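
The sender -> proxy -> receiver case from point 4, as an added example that is not part of the original message or of the draft it reviews. The digest layout, the covered header list, the `proxy_forward` behaviour and all sample values are assumptions constructed for illustration, not the draft's exact formula.

```python
import hashlib

# Headers folded into the digest in this simplified model (an assumption,
# not the draft's exact field list).
COVERED = ("Date", "Content-Type", "Content-Length")
SECRET_HASH = hashlib.md5(b"user:realm:password").hexdigest()  # constructed
NONCE = "constructed-nonce"                                    # constructed

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def entity_digest(headers, body, method="POST"):
    """Keyed digest over the covered header values and the body hash."""
    info = ":".join(headers.get(name, "") for name in COVERED)
    parts = [SECRET_HASH, NONCE, method, md5_hex(info.encode()), md5_hex(body)]
    return md5_hex(":".join(parts).encode())

def proxy_forward(headers, body):
    """Hypothetical proxy: de-chunks the message and fills in missing headers."""
    out = dict(headers)
    if out.pop("Transfer-Encoding", None) == "chunked":
        out["Content-Length"] = str(len(body))
    out.setdefault("Date", "Fri, 05 Dec 1997 17:40:00 GMT")  # constructed value
    return out

def changed_covered_headers(sent, received):
    """Covered headers whose value differs between sender and receiver views."""
    return [n for n in COVERED if sent.get(n) != received.get(n)]

def verify(sent_headers, body):
    """Sender computes the digest; receiver recomputes it behind the proxy.

    Returns (digests_match, covered_headers_the_proxy_changed).
    """
    sender_digest = entity_digest(sent_headers, body)
    received_headers = proxy_forward(sent_headers, body)
    receiver_digest = entity_digest(received_headers, body)
    return (sender_digest == receiver_digest,
            changed_covered_headers(sent_headers, received_headers))

# Constructed sample: a chunked message sent without Date or Content-Length.
CHUNKED = {"Content-Type": "text/html", "Transfer-Encoding": "chunked"}
BODY = b"hello"

if __name__ == "__main__":
    print(verify(CHUNKED, BODY))
```
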