W3C home > Mailing lists > Public > www-talk@w3.org > July to August 1995

Re: 3 Proposals: session ID, business-card auth, customer auth

From: William Perry <wmperry@spry.com>
Date: Tue, 18 Jul 95 06:47 PDT
Message-Id: <m0sYCzs-00005RC@monolith>
To: Daniel DuBois <ddubois@spyglass.com>
Cc: www-talk@w3.org
Daniel DuBois writes:

> In fact, if we are going to design browsers that allow the user the
> *option* of following the business card auth scheme, we might as well
> design browsers to allow the user the *option* of sending out the 'From:'
> field, and, if a server really wanted to, it could alter its output based
> on whether or not a From: field exists.

  Some browsers do exactly that already.  Emacs-w3 and I think one other,
can't remember right now, allow you to selectively turn off the sending of
various parts of the HTTP/1.0 request, including Referer, From, and certain
information about the operating system you are running on in the User-Agent
field.

  The HTTP/1.0 specification actually encourages this behaviour (or used
to, haven't read the new spec in about 3 weeks) in its addendum about
security and privacy related issues.

-Bill P.
Received on Tuesday, 18 July 1995 09:43:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:17 GMT