- From: Jim Gettys <jg@pa.dec.com>
- Date: Wed, 10 Dec 1997 16:48:29 -0800
- To: Yaron Goland <yarong@microsoft.com>
- Cc: jg@pa.dec.com, Josh Cohen <joshco@microsoft.com>, Foteos Macrides <MACRIDES@sci.wfbr.edu>, lynx-dev@sig.net, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> From: Yaron Goland <yarong@microsoft.com> > Date: Wed, 10 Dec 1997 11:21:51 -0800 > To: "'jg@pa.dec.com'" <jg@pa.dec.com>, Josh Cohen <joshco@microsoft.com> > Cc: Foteos Macrides <MACRIDES@SCI.WFBR.EDU>, lynx-dev@sig.net, > http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com > Subject: RE: LYNX-DEV two curiosities from IETF HTTP session. > > I doubt any commercial browser will implement 305 without some very serious > security provided to assure that the proxy asking for the one time redirect > is going to get it. I would suggest that this problem needs to be dealt with > in the large 305/306 context, in a stand alone spec, and that the draft > standard for HTTP should simply state that 305 has been deprecated and > SHOULD NOT be implemented. > > Yaron I think you are confused.... In Rev-01, only an origin server is allowed to generate a 305 response. It is authoritative for that resource, so the spoofing problems don't come up (and is the reason for that text being in the document...) - Jim
Received on Wednesday, 10 December 1997 16:52:13 UTC