Re: Minutes of Hypertext Transfer protocol BOF at 31st IETF

On Tue, 20 Dec 1994, Dave Raggett wrote:
> Brian Behlendorf discussed the need for user authentication and realms. He
> wants to be able to distinguish accesses to a given machine according to the
> alias used for the host name, and advocates using the full URL in the GET
> request.

Just to correct history - I brought up as issues (since I didn't see them
addresses directly as issues to be considered for 1.1 or -NG) that

1) We have some way to allow servers to express "your password is not 
only good here, but at these other servers/directories, so give it a try 
automatically when you go there".  There were a few bits of email here 
about it a few weeks ago but I just didn't want it to go unnoticed as I 
and others consider it important, even as we ditch basic authentication 
and go towards MD5 signatures or whatever.

2) Having the GET request be changed to the full URL would be horrible
non-backwards-compatible :) I suggested adding a header in the client
request so, when CNAME'd by, knows to return's
home page rather than's.  Yes, vanity domain names are a scourge
on the net and all that, but the alternative is to burn up IP numbers for
the same effect.  Something like

Request-URI: or

I don't know of a slick warm fuzzy solution short of a new header.


Received on Tuesday, 20 December 1994 05:00:49 UTC