Re: Proposal for new HTTP 1.1 authentication scheme

Dave Kristol (dmk@bell-labs.com)
Tue, 09 Dec 1997 14:56:23 -0500


John Franks wrote:
> [...]
> Most of the suggestions by Paul and Dave seem to be clarifications
> of the original intent.  They should not cause problems.
> [...]

I still feel my one objection about proxy-added headers is substantive
and unresolved.  Briefly, an origin server might omit headers that get
figured into the entity-digest calculation.  A proxy might subsequently
add those headers.  The client sees a message *with* the headers,
calculates an entity-digest that figures them in, and gets a different
answer from what the origin server calculated.

Dave Kristol
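
The mismatch described in the message above, as an added example that is not part of the original post or of the draft under discussion. It uses a simplified digest patterned on RFC 2069's entity-digest; the header list, the choice of `Date` as the proxy-added header, and all sample values are assumptions constructed for illustration.

```python
import hashlib

# Assumed header list, patterned on RFC 2069's entity-info plus Date.
DIGEST_HEADERS = ("Date", "Content-Type", "Content-Length",
                  "Content-Encoding", "Last-Modified", "Expires")

def h(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_fields(headers):
    """Header values as they enter the digest; an absent header is ''."""
    lower = {k.lower(): v for k, v in headers.items()}
    return [lower.get(name.lower(), "") for name in DIGEST_HEADERS]

def entity_digest(ha1, nonce, method, uri, headers, body):
    """Simplified model: H(H(A1):nonce:method:H(uri:headers...):H(body))."""
    info = h(":".join([uri] + digest_fields(headers)))
    return h(":".join([ha1, nonce, method, info, h(body)]))

def proxy_forward(headers, added):
    """Model a proxy that supplies headers the origin server left out."""
    out = dict(headers)
    for name, value in added.items():
        out.setdefault(name, value)
    return out

def changed_fields(sent, received):
    """Names of digest-relevant headers whose value differs in transit."""
    pairs = zip(DIGEST_HEADERS, digest_fields(sent), digest_fields(received))
    return [name for name, a, b in pairs if a != b]

# Constructed sample values (hypothetical user, nonce, URI and headers).
HA1 = h("user:realm:password")
NONCE, METHOD, URI, BODY = "abc123", "GET", "/doc.html", "<p>hello</p>"
ORIGIN = {"Content-Type": "text/html", "Content-Length": "12"}
PROXY_ADDS = {"Date": "Tue, 09 Dec 1997 19:56:23 GMT"}

def demo():
    """Return (digests_match, headers_that_changed) for the proxied message."""
    seen = proxy_forward(ORIGIN, PROXY_ADDS)
    server = entity_digest(HA1, NONCE, METHOD, URI, ORIGIN, BODY)
    client = entity_digest(HA1, NONCE, METHOD, URI, seen, BODY)
    return server == client, changed_fields(ORIGIN, seen)

if __name__ == "__main__":
    print(demo())
```

When the origin server sends the header itself, `proxy_forward` leaves the message unchanged and both sides compute the same digest.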