- From: John Franks <john@math.nwu.edu>
- Date: Wed, 17 Dec 1997 21:01:50 -0600 (CST)
- To: Paul Leach <paulle@microsoft.com>
- Cc: "'Roy T. Fielding'" <fielding@kiwi.ics.uci.edu>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
On Wed, 17 Dec 1997, Paul Leach wrote: > Does it (Apache proxy) canonicalize any other headers? If the incoming Date, > L-M, and Expires are already canonical, does the exact string value change > (spaces inserted, e.g.)? > I remain convinced that the problem lies not with the digest authentication but with proxy behavior. However, it does seem that the problems we have involving a conflicting behavior of the two could be fixed by some modest changes in digest. First an assumption: the problem lies with responses, not requests (correct me if this is wrong). I.e. proxies don't change the Date header and won't change L-M or expires if any such ever exists in a request. If this is the case then adding a field to the Authentication-Info header could solve the problem by duplicating the headers which a proxy might change. I have in mind something like dheaders = "date:content_len:L-M-date:expires" John Mallery points out that it would be good to have the response status code digested as well. If it is included here that becomes possible (which it wasn't before since proxies change it from say 304 to 200). This header would also eliminate problems of proxies canonicalizing headers. An extra header (and not a short one) does add to overhead, but it eliminates a lot of headaches here. John Franks
Received on Wednesday, 17 December 1997 19:06:26 UTC