
Re: #78: Relationship between 401, Authorization and WWW-Authenticate

From: Willy Tarreau <w@1wt.eu>
Date: Tue, 26 Jul 2011 21:04:30 +0200
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20110726190430.GA3692@1wt.eu>

On Tue, Jul 26, 2011 at 08:29:11PM +0200, Julian Reschke wrote:
> Björn, thanks. To the point as always...
> 
> So:
> 
> "Use of the Authorization header to transfer credentials implies that 
> the message is confidential with respect to the credentials provided in 
> that header field, meaning response messages ought to be treated as if 
> they had "Cache-Control: private", and that new authentication schemes 
> will have to take explicit measures to ensure the confidentiality of 
> messages, such as by using that very header, because deployed recipients 
> are otherwise unaware of the semantics."

Looks a lot better to me :-)

Best regards,
Willy
Received on Tuesday, 26 July 2011 19:05:07 GMT
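
The caching consequence of the quoted wording, as an added example that is not part of the original message: a shared cache treats any response to a request carrying Authorization as if it were marked "Cache-Control: private". The function names and sample headers are constructed for illustration, and the three overriding directives go beyond the quoted text: they are the exceptions listed in RFC 2616 section 14.8.

```python
# Added illustration (not from the thread): how a shared cache could apply
# the "treat as Cache-Control: private" rule for requests with Authorization.

# Response directives that RFC 2616 section 14.8 lists as explicit opt-ins
# for sharing an authenticated response (assumption beyond the quoted text).
SHARED_OVERRIDES = {"public", "s-maxage", "must-revalidate"}


def parse_cache_control(value):
    """Parse a Cache-Control value into {lowercased directive: argument or None}."""
    directives = {}
    for part in (value or "").split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def effective_directives(request_headers, response_headers):
    """Response directives as a shared cache should see them."""
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control"))
    # Credentials were sent and the origin did not opt in to sharing:
    # behave as if the response carried "private".
    if "authorization" in req and not SHARED_OVERRIDES.intersection(cc):
        cc.setdefault("private", None)
    return cc


def shared_cache_may_store(request_headers, response_headers):
    """True if a shared (proxy/CDN) cache may store and reuse the response."""
    cc = effective_directives(request_headers, response_headers)
    # Simplification: any form of "private" (with or without a field list)
    # is treated as not storable by the shared cache.
    return "private" not in cc and "no-store" not in cc


if __name__ == "__main__":
    # Constructed sample exchanges; the credential value is a placeholder.
    auth = {"Authorization": "Basic PLACEHOLDER"}
    print(shared_cache_may_store(auth, {"Cache-Control": "max-age=60"}))          # False
    print(shared_cache_may_store({}, {"Cache-Control": "max-age=60"}))            # True
    print(shared_cache_may_store(auth, {"Cache-Control": "public, max-age=60"}))  # True
```
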
