
Re: #288: Considering messages in isolation

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 30 Jun 2011 11:04:04 +0200
To: Adrien de Croy <adrien@qbik.com>
Cc: Mark Nottingham <mnot@mnot.net>, Julian Reschke <julian.reschke@gmx.de>, httpbis Group <ietf-http-wg@w3.org>
Message-ID: <20110630090404.GE27687@1wt.eu>

On Thu, Jun 30, 2011 at 07:54:42PM +1200, Adrien de Croy wrote:
> What action if any that leaves us with now is another matter.  Perhaps 
> we should make some note somewhere, or explicitly deal with the case.  
> For instance state somewhere that the assumption that requests are 
> unrelated no longer holds if a particular header is present, indicating 
> the use of session-based authentication for instance.

This would be very dangerous; however, we should probably document existing
incompatibilities with the rule (e.g. NTLM auth) so that implementers are
aware of this and plan on being able to adapt to this mode by configuration,
which implies more than just keeping the 1-to-1 association between client
and server connection, as it also means that connections should not be
dropped too often, and almost never during the challenge.

But I agree with you that stating that this erroneous behaviour should not
be done will not suddenly make NTLM auth disappear with its associated
issues.

Regards,
Willy
Received on Thursday, 30 June 2011 09:04:35 GMT
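
An added example, not part of the original message or of any HTTP implementation: a toy Python model of connection-bound authentication (as with NTLM) behind a proxy that treats messages in isolation, compared with one that keeps the 1-to-1 client/server connection association discussed above. All class names and message shapes are constructed for illustration.

```python
# Toy model (constructed for illustration): the origin binds identity to the
# connection, as NTLM does, and sits behind two kinds of proxy.

class ServerConn:
    """One server-side connection; authentication state lives on it."""
    def __init__(self):
        self.challenged = False
        self.user = None
    def handle(self, auth):
        # auth: None, "negotiate", or ("response", username)
        if auth == "negotiate":
            self.challenged = True
            return (401, "challenge")
        if isinstance(auth, tuple) and auth[0] == "response":
            if not self.challenged:      # challenge went out on another connection
                return (401, "restart")
            self.user = auth[1]
        if self.user is None:
            return (401, "auth required")
        return (200, self.user)          # served under the connection's identity

class SharingProxy:
    """Considers each message in isolation: round-robin over a shared pool."""
    def __init__(self, size):
        self.pool = [ServerConn() for _ in range(size)]
        self.sent = 0
    def forward(self, client, auth):
        conn = self.pool[self.sent % len(self.pool)]
        self.sent += 1
        return conn.handle(auth)

class PinningProxy:
    """Keeps a 1-to-1 association between client and server connection."""
    def __init__(self):
        self.conns = {}
    def forward(self, client, auth):
        return self.conns.setdefault(client, ServerConn()).handle(auth)

def scenario(proxy):
    """alice completes the handshake, then bob sends an unauthenticated request."""
    return [proxy.forward("alice", "negotiate"),
            proxy.forward("alice", ("response", "alice")),
            proxy.forward("bob", None)]

if __name__ == "__main__":
    for name, proxy in [("shared, 1 conn", SharingProxy(1)),
                        ("shared, 2 conns", SharingProxy(2)),
                        ("pinned", PinningProxy())]:
        print(name, scenario(proxy))
```

With one shared connection, bob's request is answered under alice's identity; with two, alice's handshake is split across connections and never completes; only the pinned proxy authenticates alice and still challenges bob.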
