Authorization in chunked encoding

>>>>> "PL" == Paul Leach <>

  ... writes re the interation between transfer-encoding and
  content digest in authentication information.

PL> Note also that in order to digest a chunked body, the digest has to go
PL> in the footer, after the end of the chunk-encoded body. However, the
PL> HTTP spec says that only headers that state that they are allowed in
PL> footers are allowed in footers, and the relevant digest-auth header does
PL> not so state.


PL> 1. Change section 2.1.3 "The AuthenticationInfo Header" to say that it
PL> is allowed in the footer of a chunked encoded HTTP message.

  This issue is also important in the context of servers for embedded
  systems (such as our EmWeb product ).

  Because much of the data we serve is generated dynamically and
  because in an embedded system it is not practical to buffer all the
  data in order to compute a content digest before sending it, we
  would very much like to see the change Paul suggests above to allow
  the Authentication-info header to appear in the final chunk of a
  chunk-encoded response.

Scott Lawrence             Principal Engineer        <>
Agranat Systems, Inc.                     

Received on Thursday, 19 December 1996 12:58:03 UTC