- From: Julian Reschke <julian.reschke@greenbytes.de>
- Date: Wed, 28 Jan 2015 11:59:51 +0100
- To: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
On 2015-01-28 10:59, Amos Jeffries wrote: > ... > I think its a good idea. > ... Thanks. > It is also worth noting at this point that those headers are already in > use in the wild (by Squid at least) for Negotiate scheme in a way that > does not match the ABNF. Instead they just echo back from the server the > accepted "Negotiate <token>" credentials received from the client. > ... Well, Negotiate already is that weirdo (see RFC 7236). We *could* define Authentication-Info without having an ABNF, but I'd prefer to stick to what RFC 2617 said (it's flexible enough). > I am not sure exactly why Squid does this, I've queried our dev team to > see if anyone knows. Thanks. It's certainly not document in the RFC. In a quick search, I also found <http://curl.haxx.se/mail/archive-2009-02/0106.html>. Best regards, Julian
Received on Wednesday, 28 January 2015 11:00:22 UTC