- From: Willy Tarreau <w@1wt.eu>
- Date: Tue, 26 Jul 2011 21:04:30 +0200
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, HTTP Working Group <ietf-http-wg@w3.org>

On Tue, Jul 26, 2011 at 08:29:11PM +0200, Julian Reschke wrote:
> Björn, thanks. To the point as always...
>
> So:
>
> "Use of the Authorization header to transfer credentials implies that
> the message is confidential with respect to the credentials provided in
> that header field, meaning response messages ought to be treated as if
> they had "Cache-Control: private", and that new authentication schemes
> will have to take explicit measure to ensure the confidentiality of
> messages, such as by using that very header, because deployed recipients
> are otherwise unaware of the semantics."

Looks a lot better to me :-)

Best regards,
Willy

Received on Tuesday, 26 July 2011 19:05:07 UTC