Re: Proxies and Digest-MessageDigest from Paul Leach on 1996-02-29 (ietf-http-wg@w3.org from January to March 1996)

From: Paul Leach <paulle@microsoft.com>
Date: Thu, 29 Feb 96 13:55:51 PST
To: john@math.nwu.edu
Cc: hallam@w3.org, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: red-16-msg960229215504MTP[01.52.00]000000b1-123018

John:

Are you just talking about D-MD, or Digest Auth for 
Proxy-Authentication and Proxy-Authorization as well?

If the latter, I only made the proposals because of the 1.1 spec on
Proxy-Authentication and Proxy-Authorization -- my reading of it is 
that an HTTP
authentication scheme should work identically for both proxy and 
end-to-end (by this I
mean use the same challenge and response formats).

For example, the definition of the WWW-Authenticate header from 1.1 is
	WWWAuthenticate = "WWW-Authenticate" ":" challenge
and
	ProxyAuthentication = "Proxy-Authentication" ":" challenge
snd similarly for Authorization and Proxy-Authorization.

If it's the former (just D-MD), then if you're saying that you want to 
withdraw D-MD in it's
entirety as a big change, when made to work correctly, then I couldn't 
argue with you.
It's a new feature for which no implementations exist, and it 
can/should be discussed as to appropriateness at the WG meeting.

But if D-MD is going to be included, then I think there's a very strong 
argument that it
should work with proxies, otherwise pretty soon it won't work at all 
for a huge number of clients, whose corporations or ISPs will be 
causing them to go through proxies.  There are other approaches than 
the one I suggested to make D-MD work when going through proxies -- 
tunneling comes to mind, and maybe putting Pragma: no-cache or 
equivalent on requests and responses -- but the details would need to 
be worked out.

In any case, it's not obvious how D-MD is intended to be used (or 
musn't be used) if there are proxies, and something should be said if 
D-MD stays in the draft.

If you're saying that you want to defer any digesting of headers, (but 
keep <message-digest>)  I'm happy to have a draft that doesn't include 
them... I believe my response to the issues raised there was correct, 
but I've heard nothing back on it, so given the deadline, I'm happy to 
wait until there's more discussion, and perhaps include it in a later 
revision of the draft.

Paul

Received on Thursday, 29 February 1996 13:59:13 UTC