tor 2007-05-31 klockan 17:30 -0700 skrev Paul Leach: > I don't have anything to do with implementations of HTTP by > Microsoft anymore, so I can't say anything about what we might support > in the future. But even if we did what you suggest, it would take a long > time before any significant number of sites used it, because all sites > have to cater to older browsers, from many vendors. Sure. No problem. > What requirements are you referring to? In specific the requirements on strict transport connection association for the authentication chain, requiring responses to challenges to be transmitted over the same transport connection, and that messages are authenticated without having any authorization headers simply by being transmitted on a connection where authentication has completed. Or in HTTP the required changes in the transport/message layering to support the above, including forwarding via proxies, plus the inherited Authorization status from the transport connection.. Regards Henrik
Received on Friday, 1 June 2007 01:23:32 UTC