Re: Proposal for new HTTP 1.1 authentication scheme

John Franks (john@math.nwu.edu)
Tue, 9 Dec 1997 15:09:00 -0600 (CST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dave Kristol: "Re: Proposal for new HTTP 1.1 authentication scheme"
Previous message: Dave Kristol: "Re: Proposal for new HTTP 1.1 authentication scheme"
In reply to: Dave Kristol: "Re: Proposal for new HTTP 1.1 authentication scheme"
Next in thread: Dave Kristol: "Re: Proposal for new HTTP 1.1 authentication scheme"

On Tue, 9 Dec 1997, Dave Kristol wrote:

> I still feel my one objection about proxy-added headers is substantive
> and unresolved.  Briefly, an origin server might omit headers that get
> figured into the entity-digest calculation.  A proxy might subsequently
> add those headers.  The client sees a message *with* the headers,
> calculates an entity-digest that figures them in, and gets a different
> answer from what the origin server calculated.
> 
> Dave Kristol
> 

I agree that there is an issue here.  The current spec says the
proxy MUST not add these headers.  If I recall you suggested the
MUST be changed to SHOULD.  I am not sure how this helps beyond
making the proxy technically "legal."  It doesn't materially affect
the problem.

What should a proxy do in this situation?  It seems it must either
not add headers or break the entity-digest.

John Franks
john@math.nwu.edu

Next message: Dave Kristol: "Re: Proposal for new HTTP 1.1 authentication scheme"
Previous message: Dave Kristol: "Re: Proposal for new HTTP 1.1 authentication scheme"
In reply to: Dave Kristol: "Re: Proposal for new HTTP 1.1 authentication scheme"
Next in thread: Dave Kristol: "Re: Proposal for new HTTP 1.1 authentication scheme"