Re: Digest Auth (fwd) from Roy T. Fielding on 1996-08-29 (ietf-http-wg@w3.org from July to September 1996)

From: Roy T. Fielding <fielding@liege.ICS.UCI.EDU>
Date: Thu, 29 Aug 1996 16:21:23 -0700
To: Mike McCool <mlm@netscape.com>
Cc: http working group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Message-Id: <9608291621.aa29955@paris.ics.uci.edu>

>> [...] Digest can and should have been
>> implemented in HTTP/1.0 as the experiment that it was -- whether
>> or not it is stable only affects the allocation of limited resources. 
> 
> I disagree, because of the nature of "experimental" features.  The
> particular case we're talking about (I believe) is the case where
> Digest was implemented, and pulled because the spec showed signs 
> of destabilization.  With the final release of the servers in 
> question rapidly approaching, we decided it would be better to play
> it safe and remove support until the spec was stable than to keep
> the support in and saddle everyone with an experimental 
> implementation for a long time.  If a spec shows signs of
> instability, and a product is scheduled to ship a final release,
> it is not prudent to release an experimental feature in a release
> product.  Haven't specs gotten bit by experimental features with
> large user bases before?  Currently I'm thinking of the Host:
> header, which I believe was appending the port number in Navigator,
> and some discussion came up to remove the port number.  Even if
> the spec did change, now experimental behavior has to be expected
> and dealt with because users will be sending it.  We decided to be
> prudent and wait for the spec to calm down rather than etch 
> experimental behavior into a final release.  (Note that I can only
> speak for the server side.)

We don't disagree -- that is what I meant by experiment.  I have no
problem with Netscape's decision not to include it in their released
products until there is a stable spec.  However, I do hope that you
(and everyone else) have continued to experiment and thus that you
will be ready to release a completed implementation, based on the
now final draft, as soon as possible.

My disagreement was with Mr. Morris' suggestion that this is the
same as the "HTTP/1.1" labelling issue; it is not.  Digest (as a draft)
is now just as stable for HTTP/1.0 as it is for HTTP/1.1.

I personally do not care whether Digest is a MUST or not -- people will
implement it because doing so results in a better product.


 ...Roy T. Fielding
    Department of Information & Computer Science    (fielding@ics.uci.edu)
    University of California, Irvine, CA 92697-3425    fax:+1(714)824-4056
    http://www.ics.uci.edu/~fielding/

Received on Thursday, 29 August 1996 16:31:13 UTC