W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2011

Re: #78: Relationship between 401, Authorization and WWW-Authenticate

From: Willy Tarreau <w@1wt.eu>
Date: Tue, 26 Jul 2011 21:04:30 +0200
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20110726190430.GA3692@1wt.eu>
On Tue, Jul 26, 2011 at 08:29:11PM +0200, Julian Reschke wrote:
> Björn, thanks. To the point as always...
> So:
> "Use of the Authorization header to transfer credentials implies that 
> the message is confidential with respect to the credentials provided in 
> that header field, meaning response messages ought to be treated as if 
> they had "Cache-Control: private", and that new authentication schemes 
> will have to take explicit measure to ensure the confidentiality of 
> messages, such as by using that very header, because deployed recipients 
> are otherwise unaware of the semantics."

Looks a lot better to me :-)

Best regards,
Received on Tuesday, 26 July 2011 19:05:07 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:58 UTC