- From: Koen Holtman <koen@win.tue.nl>
- Date: Tue, 17 Jun 1997 21:25:18 +0200 (MET DST)
- To: Yaron Goland <yarong@microsoft.com>
- Cc: josh@netscape.com, http-wg@cuckoo.hpl.hp.com, vinodv@microsoft.com

Yaron Goland:
> [...]
>In general it just seems fairly clear that using response codes to
>perform proxy configuration is a bad idea. It may sound sexy but as the
>myriad problems so far raised demonstrate, there are a lot of difficult
>issues that are not going to get solved with a single HTTP round trip.
>My suggestion is that we cut 305 from the HTTP 1.1 draft and let the
>draft continue on its merry way. This issue can always be revisited in a
>separate draft.

I agree. In particular, I think we need a lot more of a trust management infrastructure before something like this can be deployed. Asking the user for confirmation on various actions is not good enough as a solution for keeping things secure, because the average user will have a hard time understanding all the implications of clicking `OK'. Compared to this, understanding the implications of accepting a cookie is easy.

Also, am I reading it wrong, or does the draft currently require not only user agents, but also proxies to ask for user confirmation?

Josh:

On the issue of whether feature negotiation can replace the use of the OPTIONS method: it cannot if you mean the feature negotiation found in TCN, because TCN does not negotiate on protocol options. You could use PEP for it, but that would be overkill for an IETF-defined mechanism, so I think OPTIONS is a good choice.

Koen.

Received on Tuesday, 17 June 1997 12:27:33 UTC