- From: Roy T. Fielding <fielding@kiwi.ics.uci.edu>
- Date: Wed, 11 Mar 1998 16:25:59 -0800
- To: Henrik Frystyk Nielsen <frystyk@w3.org>
- cc: Jeffrey Mogul <mogul@pa.dec.com>, "ietf-http-ext (E-mail)" <ietf-http-ext@w3.org>
In message <3.0.5.32.19980311173541.03404710@localhost>, Henrik Frystyk Nielsen writes: >At 01:12 3/5/98 -0800, Roy T. Fielding wrote: > >A belated comment... > >>Consider an encrypted encapsulation option that allows a client >>to wrap a request such that an intermediary can't see what resource >>is being requested (remember WRAPPED?). If the requestor has to identify >>the intended resource just to see if that option is supported, then >>it defeats the purpose of hiding the later request. > >As the OPTIONS response can not say whether this goes for all resources or >just a subset (this would again defeat the purpose) then the client is no >better of than it was before it asked using the OPTIONS method. It wouldn't have to -- this particular use of OPTIONS is not resource dependent. It is simply asking if the connection peer is capable of unwrapping before handling the underlying request. For example, the response might include a public key for use in encrypting the later request such that only that peer can unwrap it. ....Roy
Received on Wednesday, 11 March 1998 19:32:46 UTC