W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Proposal for new HTTP 1.1 authentication scheme

From: Dave Kristol <dmk@bell-labs.com>
Date: Tue, 09 Dec 1997 14:56:23 -0500
Message-Id: <348DA267.9D80E9F5@bell-labs.com>
To: John Franks <john@math.nwu.edu>
Cc: Jim Gettys <jg@pa.dec.com>, Paul Leach <paulle@microsoft.com>, Eric_Houston/CAM/Lotus@lotus.com, Scott Lawrence <lawrence@agranat.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4862
John Franks wrote:
> [...]
> Most of the suggestions by Paul and Dave seem to be clarifications
> of the original intent.  They should not cause problems.
> [...]

I still feel my one objection about proxy-added headers is substantive
and unresolved.  Briefly, an origin server might omit headers that get
figured into the entity-digest calculation.  A proxy might subsequently
add those headers.  The client sees a message *with* the headers,
calculates an entity-digest that figures them in, and gets a different
answer from what the origin server calculated.

Dave Kristol
Received on Tuesday, 9 December 1997 11:39:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:16:28 UTC