lör 2007-02-03 klockan 13:42 -0800 skrev Roy T. Fielding: > Well, considering the rationale is based on using NTLM > authentication (a non-standard authentication mechanism that does > not work outside an intranet and isn't valid for HTTP anyway) for > requests to proxies performing whole-content filtering (an architecture > that definitely won't work with NTLM), I don't think you should > worry about it. Band-aids are not sufficient for amputated limbs. Pretty much the same problems is seen for the standard schemes as well, just not as frequent. In basic it's seen on the first request to the realm, and in digest it's seen whenever the nonce has expired, isn't suitable for the request or if the client does not support nonce count. 100 Continue helps, but only partially. It would be good if the connection could be held persistent without having to transmit the request body, at least in the digest cases which is automated responses not requiring any user input for completion. Regarding the second half of the draft, the "Progress" header, is it really suitable to overload 100 Continue for this purpose as well? Specifically 3.1.2 Use of 100 continue for progress messages. Regards Henrik
Received on Sunday, 4 February 2007 00:09:11 UTC