W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2003

Re: Chained proxies, persistent connections, authentication

From: Jeffrey Mogul <Jeff.Mogul@hp.com>
Date: Thu, 23 Oct 2003 10:37:48 -0700
Message-Id: <200310231737.h9NHbmvl025255@wera.hpl.hp.com>
To: Rob Maidment <rob.maidment@clearswift.com>
Cc: "'ietf-http-wg@w3.org'" <ietf-http-wg@w3.org> 

    Just to throw some more fuel on the fire, this is an excerpt from WRL
    Research Report 95/4 "The Case for Persistent-Connection HTTP" (Jeffrey
    Mogul, May 95):
    
    "A persistent-connection model for Web access potentially provides
    the opportunity for other improvements to HTTP [20]. For example,
    if authentication could be done per-connection rather than
    per-request, that should significantly reduce the cost of robust
    authentication, and so might speed its acceptance."

As the author of that paragraph, I should point out that it is
speculative ... "IF authentication COULD BE done per-connection"
... and although there might have been a plausible alternate
universe, in 1995 when I wrote that, in which HTTP authentication
could have been designed to be per-connection, this didn't
happen.  (Maybe SSL is that alternate universe; HTTP/1.1 is not.)

RFC2616 and RFC2617 are both dated June 1999.  That Research
Report is dated 4 years earlier.  Please be careful not to confuse
people about which document matters more.

-Jeff
Received on Thursday, 23 October 2003 13:37:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:25 GMT