- From: Josh Cohen <joshco@microsoft.com>
- Date: Wed, 10 Dec 1997 00:30:18 -0800
- To: 'Foteos Macrides' <MACRIDES@sci.wfbr.edu>, lynx-dev@sig.net
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> -----Original Message-----
> From: Foteos Macrides [SMTP:MACRIDES@SCI.WFBR.EDU]
> Sent: Tuesday, December 09, 1997 7:02 AM
> To: lynx-dev@sig.net
> Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> Subject: Re: LYNX-DEV two curiosities from IETF HTTP session.
>
> Al Gilman <asgilman@access.digex.net> wrote:
> >Two issues came up in today's session of the HTTP 1.1 WG that
> >left me curious. Not that any major decisions hang on the
> >answers, but:
> >
> >Lynx came up when the fellow from MicroSoft quipped regarding the
> >305 proxy redirection message "Lynx has implemented it."
> >
> >Later it appeared he meant to be humorous, as it was left as an
> >open question.
> >
> >The Conventional Wisdom in the meeting is that 305 is broken and
> >306 didn't fix it. The group is headed in the direction that
> >this function will not be present in the "Draft Standard" version
> >of 1.1.
> >
> >Going, going...

[Joshua Cohen] Well, I guess it's time for me to fess up. I'm the guy who "quipped". I'm also the guy who wrote the 305/306 draft to specify the 305 and 306 so that they are usable. Unfortunately, we simply couldn't resolve the security implications in time and leaving them in the http/1.1 draft puts the entire protocol at risk from a process point of view. Before anyone jumps at don't put process over function, if we had a good resolution, I'd be pushing for it in the core protocol. We don't, and until we do, it needs to wait.

>
> The specs for 305 in the most current HTTP/1.1 draft in
> effect describe Lynx's implementation, years ago, but not
> completely. Lynx's implementation:
>

[Joshua Cohen] [--snipped--]

> If 306 is revised, it would be better to treat that as
> a new status, not a revision of 305, and have 306 based on only a
> Set-Proxy: header, with no Location header. Browsers which do not
> implement it thus will treat it as 300, and should show the body
> by virtue of no Location header being present.
>
> Whether or not the "guys at MicroSoft" as yet grasp the
> occasional uses to which 304, 305, and 307 might be put, they
> nonetheless can be useful occasionally (that statement was intended
> to be humorous). But 306 does need more work before its
> intended uses can be achieved.
>

[Joshua Cohen] This "guy at microsoft" gets it, and I believe that most of my colleagues do as well. As I said earlier, the 305-306 draft (which was supposed to roll into http/1.1) was my doing. Please don't ascribe any higher meaning to the fact that a "microsoft" guy spoke about temporarily holding 305/306 from the http/1.1 draft. I'm still enthusiastic about the 305/306 functionality but until we can resolve the very real security implications it is prudent to withhold it from the draft.

Josh Cohen <joshco@microsoft.com>

Received on Wednesday, 10 December 1997 00:14:10 UTC