W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Proposal for new HTTP 1.1 authentication scheme

From: John Franks <john@math.nwu.edu>
Date: Tue, 9 Dec 1997 15:09:00 -0600 (CST)
To: Dave Kristol <dmk@bell-labs.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.LNX.3.95.971209140258.2074A-100000@hopf.math.nwu.edu>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4863
On Tue, 9 Dec 1997, Dave Kristol wrote:

> I still feel my one objection about proxy-added headers is substantive
> and unresolved.  Briefly, an origin server might omit headers that get
> figured into the entity-digest calculation.  A proxy might subsequently
> add those headers.  The client sees a message *with* the headers,
> calculates an entity-digest that figures them in, and gets a different
> answer from what the origin server calculated.
> Dave Kristol

I agree that there is an issue here.  The current spec says the
proxy MUST not add these headers.  If I recall you suggested the
MUST be changed to SHOULD.  I am not sure how this helps beyond
making the proxy technically "legal."  It doesn't materially affect
the problem.

What should a proxy do in this situation?  It seems it must either
not add headers or break the entity-digest.

John Franks
Received on Tuesday, 9 December 1997 12:53:13 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:16:28 UTC