- From: Paul Leach <paulle@microsoft.com>
- Date: Tue, 27 Feb 96 17:08:04 PST
- To: john@math.nwu.edu
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
I made these before, but they may have been lost in the incrementing discussion. 1. A definition of what is "message-body" in section 2.1 needs to be given. Does it include entity-headers, general-headers, response-headers (when sent by server) or request-headers (when sent by client), as well as the entity-body? 2. In the security considerations section, the rationale for including client IP in the recommended nonce needs to be given, over just checking the IP address of a later request containing a nonce against the IP address to which the nonce was originally given. Is it to reduce the amount of state that the server needs to hold? Paul
Received on Tuesday, 27 February 1996 17:06:18 UTC