[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: LYNX-DEV two curiosities from IETF HTTP session.
From: |
Jim Gettys |
Subject: |
RE: LYNX-DEV two curiosities from IETF HTTP session. |
Date: |
Wed, 10 Dec 1997 16:48:29 -0800 |
> From: Yaron Goland <address@hidden>
> Date: Wed, 10 Dec 1997 11:21:51 -0800
> To: "'address@hidden'" <address@hidden>, Josh Cohen <address@hidden>
> Cc: Foteos Macrides <address@hidden>, address@hidden,
> address@hidden
> Subject: RE: LYNX-DEV two curiosities from IETF HTTP session.
>
> I doubt any commercial browser will implement 305 without some very serious
> security provided to assure that the proxy asking for the one time redirect
> is going to get it. I would suggest that this problem needs to be dealt with
> in the large 305/306 context, in a stand alone spec, and that the draft
> standard for HTTP should simply state that 305 has been deprecated and
> SHOULD NOT be implemented.
>
> Yaron
I think you are confused.... In Rev-01, only an origin server is allowed
to generate a 305 response. It is authoritative for that resource, so
the spoofing problems don't come up (and is the reason for that text being
in the document...)
- Jim
- LYNX-DEV two curiosities from IETF HTTP session., Al Gilman, 1997/12/08
- Re: LYNX-DEV two curiosities from IETF HTTP session., Foteos Macrides, 1997/12/09
- RE: LYNX-DEV two curiosities from IETF HTTP session., Josh Cohen, 1997/12/10
- Re: LYNX-DEV two curiosities from IETF HTTP session., Foteos Macrides, 1997/12/10
- RE: LYNX-DEV two curiosities from IETF HTTP session., Yaron Goland, 1997/12/10
- RE: LYNX-DEV two curiosities from IETF HTTP session.,
Jim Gettys <=
- Re: LYNX-DEV two curiosities from IETF HTTP session., Foteos Macrides, 1997/12/10
- RE: LYNX-DEV two curiosities from IETF HTTP session., Paul Leach, 1997/12/11
- RE: LYNX-DEV two curiosities from IETF HTTP session., Yaron Goland, 1997/12/12