Re: Proposal for new HTTP 1.1 authentication scheme
Dave Kristol (dmk@bell-labs.com)
Tue, 09 Dec 1997 20:50:06 -0500
Paul Leach wrote:
> There are two ways to fix the problem --
> 1. Say that origin servers can't omit the headers
> 2. Say that proxies can't add them when using Message Disgest.
>
> I don't know which is best. For Date, at least, it seems silly to omit it.
I think we're looking at the problem from different directions. A
*sender* produces an entity-digest. I look at the problem from the
perspective of an origin server *receiving* the entity-digest. In this
case the sender is a client (user-agent), possibly doing a PUT or POST.
Clients seldom send Date. Proxies could (conceivably) add them.
I like Benjamin Franz's suggestion of a fixed date that means "this is
not a date" as a placeholder.
Content-length is another matter. If the client sends the entity with
chunked encoding, it probably does not know the content length, although
it may calculate an entity-digest on the fly (and add it as a
trailer?). But the proxy may coalesce the entity and add a
Content-length header. Now what? The entity-digest as calculated by
the two parties will be different because of the Content-length.
Dave Kristol