Re: #288: Considering messages in isolation

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 30 Jun 2011 11:04:04 +0200
To: Adrien de Croy <adrien@qbik.com>
Cc: Mark Nottingham <mnot@mnot.net>, Julian Reschke <julian.reschke@gmx.de>, httpbis Group <ietf-http-wg@w3.org>
Message-ID: <20110630090404.GE27687@1wt.eu>

On Thu, Jun 30, 2011 at 07:54:42PM +1200, Adrien de Croy wrote:
> What action if any that leaves us with now is another matter.  Perhaps 
> we should make some note somewhere, or explicitly deal with the case.  
> For instance state somewhere that the assumption that requests are 
> unrelated no longer holds if a particular header is present, indicating 
> the use of session-based authentication for instance.

This would be very dangerous; however, we should probably document existing
incompatibilities with the rule (e.g. NTLM auth) so that implementers are
aware of this and plan on being able to adapt to this mode by configuration,
which implies more than just keeping the 1-to-1 association between client
and server connection, as it also means that connections should not be
dropped too often, and almost never during the challenge.

But I agree with you that stating that this erroneous behaviour should not
be done will not suddenly make NTLM auth disappear with its associated

Received on Thursday, 30 June 2011 09:04:35 UTC
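
An added example, not part of the original message and not code from any implementation named in the thread: a minimal sketch of the 1-to-1 client/server connection association the message refers to, where an intermediary stops sharing an upstream connection once it sees NTLM on it. The class, method names, header dictionaries and connection ids are all hypothetical and constructed for illustration; it covers only the association, not the point about avoiding dropped connections during the challenge.

```python
import itertools

# Assumption: header names arrive lower-cased, one scheme per header value.
AUTH_HEADERS = ("authorization", "www-authenticate",
                "proxy-authorization", "proxy-authenticate")

def is_connection_auth(headers):
    """True if any auth header carries the connection-oriented NTLM scheme."""
    for name in AUTH_HEADERS:
        value = headers.get(name, "").strip()
        if value and value.split(" ", 1)[0].lower() == "ntlm":
            return True
    return False

class UpstreamPool:
    """Toy upstream connection pool for an intermediary (hypothetical)."""

    def __init__(self):
        self._ids = itertools.count(1)  # stand-in for opening real sockets
        self.idle = []                  # upstream connections any client may reuse
        self.pinned = {}                # client id -> its private upstream connection

    def acquire(self, client_id):
        # A pinned client always gets its own upstream connection back.
        if client_id in self.pinned:
            return self.pinned[client_id]
        return self.idle.pop() if self.idle else next(self._ids)

    def release(self, client_id, upstream, req_headers, resp_headers):
        # Once NTLM was seen in either direction, the upstream connection holds
        # per-connection auth state and must never return to the shared pool.
        if (client_id in self.pinned or is_connection_auth(req_headers)
                or is_connection_auth(resp_headers)):
            self.pinned[client_id] = upstream
        else:
            self.idle.append(upstream)

    def client_closed(self, client_id):
        # The pinned upstream is closed with the client; it is not recycled.
        return self.pinned.pop(client_id, None)

def demo():
    pool = UpstreamPool()
    a1 = pool.acquire("A")
    pool.release("A", a1, {}, {"www-authenticate": "NTLM"})  # constructed 401 challenge
    b1 = pool.acquire("B")
    pool.release("B", b1, {}, {})                            # plain exchange, shareable
    a2 = pool.acquire("A")                                   # A continues the handshake
    c1 = pool.acquire("C")                                   # C may reuse B's connection
    closed = pool.client_closed("A")
    return a1, a2, b1, c1, closed, list(pool.idle)
```
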