RE: Intent of 14.38 Server

Authentication protocols that provide integrity protection can rely on
the original wording to mean that they can include fields that proxies
aren't allowed to modify in the integrity check.

-----Original Message-----
From: []
On Behalf Of Travis Snoozy (Volt)
Sent: Wednesday, December 20, 2006 4:47 PM
Subject: Intent of 14.38 Server

Section 14.38 states:

"If the response is being forwarded through a proxy, the proxy
application MUST NOT modify the Server response-header. Instead, it MUST
include a Via field (as described in Section 14.45)."

Taken literally, this requirement overrides the ability for a proxy to
replace whitespace, and totally prevents a proxy from sanitizing the
field-value. Is this the intent? The mention of Via seems to indicate
otherwise -- that the intent is to prevent proxies from inserting their
own server string into the Server header.

Another problem is that the term "modify" is not defined precisely. Does
removal of a header count as modification?

Any thoughts?

-- Travis

Received on Thursday, 21 December 2006 01:24:50 UTC