RE: Intent of 14.38 Server from Henrik Nordstrom on 2006-12-21 (ietf-http-wg@w3.org from October to December 2006)

From: Henrik Nordstrom <hno@squid-cache.org>
Date: Thu, 21 Dec 2006 16:03:06 +0100
To: Paul Leach <paulle@windows.microsoft.com>
Cc: "Travis Snoozy (Volt)" <a-travis@microsoft.com>, ietf-http-wg@w3.org
Message-Id: <1166713386.811.26.camel@henriknordstrom.net>

ons 2006-12-20 klockan 17:24 -0800 skrev Paul Leach:
> Authentication protocols that provide integrity protection can rely on
> the original wording to mean that they can include fields that proxies
> aren't allowed to modify in the integrity check.

Are you sure?

I very much doubt thats the reason to the specific wording about the
Server header..  Have always read that part as that the proxy have no
business mucking around with the Server header to advertise itself, it
MUST use the Via header for this purpose.

The Server header is supposed to advertise the software version of the
products making up the server, not as a communication channel or
capability indication.

Is it really true that proxies is not allowed to clean up LWS in Server
headers? I have always considered folding/unfolding, LWS cleanup and and
list merging to be safe operations on all headers.


Regards
Henrik

Received on Thursday, 21 December 2006 15:03:43 UTC