tor 2007-05-31 klockan 17:30 -0700 skrev Paul Leach:
> I don't have anything to do with implementations of HTTP by
> Microsoft anymore, so I can't say anything about what we might support
> in the future. But even if we did what you suggest, it would take a long
> time before any significant number of sites used it, because all sites
> have to cater to older browsers, from many vendors.
Sure. No problem.
> What requirements are you referring to?
In specific the requirements on strict transport connection association
for the authentication chain, requiring responses to challenges to be
transmitted over the same transport connection, and that messages are
authenticated without having any authorization headers simply by being
transmitted on a connection where authentication has completed.
Or in HTTP the required changes in the transport/message layering to
support the above, including forwarding via proxies, plus the inherited
Authorization status from the transport connection..
Regards
Henrik