- From: Dave Kristol <dmk@research.bell-labs.com>
- Date: Thu, 27 Aug 1998 00:16:56 -0400 (EDT)
- To: fielding@kiwi.ics.uci.edu, mogul@pa.dec.com
- Cc: http-wg@hplb.hpl.hp.com
Just to add a real data point to the discussion:
In handling Digest, my server decides whether to send qop="auth" or
qop="auth,auth-int" in a challenge based on whether it knows that the
client can handle chunked+trailers, since I send Authentication-Info as
a chunked trailer always. If you think it through, you see the
message sequence is
1) C->S
Get resource R
2) S->C
401 Authentication Required
send qop="auth" or qop="auth,auth-int" based on client's ability to
handle chunked+trailers
3) C->S
Get resource R
WWW-Authenticate ... qop=auth or qop=auth-int
4) S->C
200 OK
send R, possibly chunked and with trailers for qop=auth-int
Therefore, if the server can decide at step (2) whether it's safe
to send trailers, there shouldn't be a problem.
I can live with Roy's Via proposal or the TE: trailers proposal. Both
should let me tell whether it's safe to send trailers.
Dave Kristol
Received on Wednesday, 26 August 1998 21:20:03 UTC