Re: Proxy authentication draft

> I don't see how this proposal is completely incompatible. The
> challenge is extended, and a new kind of authorization is
> expected. Old clients will fail to recognize the new challenge, and so
> won't have access. New clients will recognize both.
> Old clients will send the old authorization header, which new servers
> will either recognize or not.
> So what's the breakage?

I don't have access to the document right now, so this is just from
memory.  The document proposes a change to the challenge syntax
(right?) and that is an incompatible change in the sense that some
clients may not even recognize it as a challenge, may puke, may die, etc.
If you change the challenge syntax, you will also need to change the
field-name of the header carrying the challenge.

Since this is the same change discussed in mid-summer 95 (from memory)
and rejected at that time, it is unlikely to succeed now.  At the very
least, it should be accompanied with extensive compatibility tests.


Received on Friday, 27 December 1996 03:50:37 UTC