- From: Dave Kristol <dmk@bell-labs.com>
- Date: Tue, 18 Aug 1998 09:39:06 -0400
- To: Jim Gettys <jg@pa.dec.com>
- Cc: http-wg@hplb.hpl.hp.com
Jim Gettys wrote: > [...] > We need data from implementers to make a good recommendation of how to > proceed. This question is needed to get data on whether the problem actually > occurs in practice in any deployed code, which will affect what the right > fix might be (if the situation never exists in any deployed code, then > the simplest, cleanest fix involves outlawing the protocol condition that > can generate the problem in the first place). > [...] > Are there any deployed HTTP servers or proxies that actually > send Authentication-Info or Content-MD5 in the trailer of > a chunked encoding when the request does not include "chunked" > in a TE request-header field? Sorry for the delay --- I've been away a few days. I don't know whether my server could be considered "deployed", but here's what it does. For *any* digest response to qop=auth-int, the server *always* sends a trailer (and chunked encoding) that contains Authentication-Info. The server ignores the TE header. (You may recall I argued (issue h2, TE-IDENTITY) that "chunked" should always be allowed. This support of Digest auth-int is why.) Dave Kristol
Received on Tuesday, 18 August 1998 06:42:28 UTC