Re: Chained proxies, persistent connections, authentication

    Just to throw some more fuel on the fire, this is an excerpt from WRL
    Research Report 95/4 "The Case for Persistent-Connection HTTP" (Jeffrey
    Mogul, May 95):
    "A persistent-connection model for Web access potentially provides
    the opportunity for other improvements to HTTP [20]. For example,
    if authentication could be done per-connection rather than
    per-request, that should significantly reduce the cost of robust
    authentication, and so might speed its acceptance."

As the author of that paragraph, I should point out that it is
speculative ... "IF authentication COULD BE done per-connection"
... and although there might have been a plausible alternate
universe, in 1995 when I wrote that, in which HTTP authentication
could have been designed to be per-connection, this didn't
happen.  (Maybe SSL is that alternate universe; HTTP/1.1 is not.)

RFC2616 and RFC2617 are both dated June 1999.  That Research
Report is dated 4 years earlier.  Please be careful not to confuse
people about which document matters more.


Received on Thursday, 23 October 2003 13:37:54 UTC