- From: Jeffrey Mogul <Jeff.Mogul@hp.com>
- Date: Thu, 23 Oct 2003 10:37:48 -0700
- To: Rob Maidment <rob.maidment@clearswift.com>
- Cc: "'ietf-http-wg@w3.org'" <ietf-http-wg@w3.org>
Just to throw some more fuel on the fire, this is an excerpt from WRL
Research Report 95/4 "The Case for Persistent-Connection HTTP" (Jeffrey
Mogul, May 95):
"A persistent-connection model for Web access potentially provides
the opportunity for other improvements to HTTP [20]. For example,
if authentication could be done per-connection rather than
per-request, that should significantly reduce the cost of robust
authentication, and so might speed its acceptance."
As the author of that paragraph, I should point out that it is
speculative ... "IF authentication COULD BE done per-connection"
... and although there might have been a plausible alternate
universe, in 1995 when I wrote that, in which HTTP authentication
could have been designed to be per-connection, this didn't
happen. (Maybe SSL is that alternate universe; HTTP/1.1 is not.)
RFC2616 and RFC2617 are both dated June 1999. That Research
Report is dated 4 years earlier. Please be careful not to confuse
people about which document matters more.
-Jeff
Received on Thursday, 23 October 2003 13:37:54 UTC