On Wed, 28 Feb 1996, Paul Leach wrote:

> I think there's a good argument that the <message-digest> should
> include at least the entity-headers and Date: as well as the
> <entity-body>, and maybe the other headers, too. This would prevent
> mucking with the Last-Modified, or Content-Type, etc, and Date: would
> prevent substituting an old reply for a new one. (This was another of
> Allan's points, BTW, that seems to have been left off of Larry's list.
> Sorry for not mentioning it earlier, but I couldn't tell until getting
> the <message-body> thing clarified. Actually it was two of his
> points -- that the total request wasn't authenticated, and that there
> was no freshness information.)
>
> If this is a backwards compatibility problem, then a new optional
> parameter "header=" could be used. This approach could also permit the
> separation of the entity-headers from the rest of the headers -- a
> cache would need to cough up entity-related digest that it got from
> the origin server, but construct a digest of the other headers using
> its own secret that it shares with the client.

I think this sounds good. It should refer to objects defined in the HTTP1.1 spec as Larry recommended.

> If this isn't too out of line, I'll write up specific proposed text.

Great. But try to do it quickly. I would like to get version 03 of this document submitted. Also could you send me your address?

John Franks
Dept of Math. Northwestern University
john@math.nwu.edu

Received on Wednesday, 28 February 1996 12:50:33 UTC
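
The quoted proposal, covering the entity-headers and Date: in the digest along with the body, is illustrated below as an added example; it is not code from this thread or from the draft under discussion. The construction (HMAC-SHA-256 with a shared secret), the covered header set, the five-minute freshness window and the sample reply are all assumptions made for the sketch.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Assumed for this sketch: which headers the digest covers, and how old a
# reply's Date: may be before the receiver treats it as a replayed reply.
COVERED = ("content-type", "content-length", "last-modified", "date")
MAX_AGE = timedelta(minutes=5)

# Constructed sample reply (not taken from the thread).
SECRET = b"constructed-shared-secret"
HEADERS = {
    "Date": "Wed, 28 Feb 1996 12:50:33 GMT",
    "Content-Type": "text/html",
    "Content-Length": "13",
    "Last-Modified": "Tue, 27 Feb 1996 09:00:00 GMT",
}
BODY = b"<p>hello</p>\n"


def message_digest(secret: bytes, headers: dict, body: bytes) -> str:
    """Keyed digest over the covered headers (fixed order) and the body."""
    norm = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    mac = hmac.new(secret, digestmod=hashlib.sha256)
    for name in COVERED:
        # Length-prefix each field so bytes cannot shift between fields.
        field = f"{name}:{norm.get(name, '')}".encode()
        mac.update(len(field).to_bytes(4, "big") + field)
    mac.update(len(body).to_bytes(8, "big") + body)
    return mac.hexdigest()


def verify(secret, headers, body, digest, now) -> str:
    """Return 'ok', 'tampered' (digest mismatch) or 'stale' (old or no Date)."""
    if not hmac.compare_digest(message_digest(secret, headers, body), digest):
        return "tampered"
    try:
        date = {k.lower(): v for k, v in headers.items()}["date"]
        age = abs(now - parsedate_to_datetime(date))
    except (KeyError, TypeError, ValueError):
        return "stale"  # no usable Date: means no freshness evidence
    return "ok" if age <= MAX_AGE else "stale"


if __name__ == "__main__":
    d = message_digest(SECRET, HEADERS, BODY)
    now = datetime(1996, 2, 28, 12, 51, tzinfo=timezone.utc)
    print(verify(SECRET, HEADERS, BODY, d, now))
    print(verify(SECRET, dict(HEADERS, **{"Content-Type": "text/plain"}), BODY, d, now))
    print(verify(SECRET, HEADERS, BODY, d, now + timedelta(days=1)))
```

Because Date: is inside the digest, rewriting it to make an old reply look current fails the digest check rather than the freshness check.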