- From: Ben Laurie <ben@algroup.co.uk>
- Date: Tue, 09 Dec 1997 21:39:39 +0000
- To: Dave Kristol <dmk@bell-labs.com>
- Cc: John Franks <john@math.nwu.edu>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

Dave Kristol wrote:
>
> John Franks wrote:
> >
> > On Tue, 9 Dec 1997, Dave Kristol wrote:
> >
> > > I still feel my one objection about proxy-added headers is substantive
> > > and unresolved. Briefly, an origin server might omit headers that get
> > > figured into the entity-digest calculation. A proxy might subsequently
> > > add those headers. The client sees a message *with* the headers,
> > > calculates an entity-digest that figures them in, and gets a different
> > > answer from what the origin server calculated.
> > [...]
> > I agree that there is an issue here. The current spec says the
> > proxy MUST not add these headers. If I recall you suggested the
> > MUST be changed to SHOULD. I am not sure how this helps beyond
> > making the proxy technically "legal." It doesn't materially affect
> > the problem.
>
> Ummm... I think my "MUST -> SHOULD" had to do with a proxy's changing
> the content of headers. I think I see the words to which you're
> referring (end of p.13), and they mention Content-Length explicitly but
> don't mention Date. And there's a potential problem with
> Content-Length: suppose a proxy eats chunked data and wants to create a
> complete entity *with* Content-Length. Is it hereby forced to forward
> the entity as "chunked" because it's forbidden to add Content-Length?
> >
> > What should a proxy do in this situation? It seems it must either
> > not add headers or break the entity-digest.
>
> I agree it's a dilemma. An option is to require that clients send
> Content-Length and (perhaps) not Date, and forbid proxies to add either
> within this context.

Alternatively, you exclude those headers from the digest?

Cheers,

Ben.

--
Ben Laurie            |Phone: +44 (181) 735 0686|Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |Apache-SSL author
A.L. Digital Ltd,     |http://www.algroup.co.uk/Apache-SSL
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache

Received on Tuesday, 9 December 1997 13:23:12 UTC
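
The mismatch discussed in this thread, and the effect of excluding the proxy-added headers from the digest, shown as an added example that is not part of the original message or of the draft under discussion. The digest construction here is a simplified stand-in (keyed MD5 over selected header values and the body hash), not the specification's exact formula; the function names, the header set, the secret and the sample message are all constructed assumptions.

```python
import hashlib
import hmac

# Assumption: headers folded into the digest in this simplified model.
DIGESTED_HEADERS = ("Content-Type", "Content-Length", "Date")


def entity_digest(headers, body, secret, covered=DIGESTED_HEADERS):
    """Keyed MD5 over the covered header values and the hash of the body.
    A header that is absent from the message contributes an empty string."""
    body_hash = hashlib.md5(body).hexdigest()
    fields = [headers.get(name, "") for name in covered]
    material = ":".join([secret, *fields, body_hash])
    return hashlib.md5(material.encode("ascii")).hexdigest()


def proxy_forward(headers, body):
    """Proxy that consumed a chunked response and forwards a complete
    entity, adding Content-Length and Date when the origin omitted them."""
    out = dict(headers)
    out.pop("Transfer-Encoding", None)
    out.setdefault("Content-Length", str(len(body)))
    out.setdefault("Date", "Tue, 09 Dec 1997 21:00:00 GMT")  # constructed value
    return out


def client_accepts(headers, body, secret, received, covered=DIGESTED_HEADERS):
    """Client recomputes the digest over the message as it arrived."""
    expected = entity_digest(headers, body, secret, covered)
    return hmac.compare_digest(expected, received)


def demo():
    secret = "constructed-shared-secret"
    body = b"hello, world\n"
    # Origin sends chunked data, so no Content-Length and (here) no Date.
    origin = {"Content-Type": "text/plain", "Transfer-Encoding": "chunked"}
    results = {}
    for label, covered in (("all_headers", DIGESTED_HEADERS),
                           ("proxy_headers_excluded", ("Content-Type",))):
        sent_digest = entity_digest(origin, body, secret, covered)
        seen = proxy_forward(origin, body)
        results[label] = client_accepts(seen, body, secret, sent_digest, covered)
    return results


if __name__ == "__main__":
    print(demo())
```
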