[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV two curiosities from IETF HTTP session.
From: |
Foteos Macrides |
Subject: |
Re: LYNX-DEV two curiosities from IETF HTTP session. |
Date: |
Wed, 10 Dec 1997 16:58:10 -0500 (EST) |
Yaron Goland <address@hidden> wrote:
>I doubt any commercial browser will implement 305 without some very serious
>security provided to assure that the proxy asking for the one time redirect
>is going to get it. I would suggest that this problem needs to be dealt with
>in the large 305/306 context, in a stand alone spec, and that the draft
>standard for HTTP should simply state that 305 has been deprecated and
>SHOULD NOT be implemented.
You apparently haven't yet grasped the changes Jim already has
made for 305 in Rev-01. The 305 can *only* be sent by an origin server.
Deployed proxies will pass it through to the browser, as they do for
300, 301, 302, 303 and 307. Josh's 305/306 draft has been dropped
from Rev-01, with expectation that he (and Ari) will generate a new,
306-only draft (complementary to a revised OPTIONS draft). I suppose
a proxy, if already being used by the browser, could (should?) act on
the 305, and there shouldn't be a security problem with that if the
305 is to be handled always as a GET. If unsafe methods are to be
retained with 305, instead of postponing that functionality to a new
306 proposal, then yes, it would be better to drop 305. But 305 would
be useful if it were specified as presently in Rev-01 with the addition
of a sentence that GET always should be used, and who knows when, if
ever, the security/privacy problems with 306 will be solved.
Fote
=========================================================================
Foteos Macrides Worcester Foundation for Biomedical Research
address@hidden 222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
- LYNX-DEV two curiosities from IETF HTTP session., Al Gilman, 1997/12/08
- Re: LYNX-DEV two curiosities from IETF HTTP session., Foteos Macrides, 1997/12/09
- RE: LYNX-DEV two curiosities from IETF HTTP session., Josh Cohen, 1997/12/10
- Re: LYNX-DEV two curiosities from IETF HTTP session., Foteos Macrides, 1997/12/10
- RE: LYNX-DEV two curiosities from IETF HTTP session., Yaron Goland, 1997/12/10
- Re: LYNX-DEV two curiosities from IETF HTTP session.,
Foteos Macrides <=
- RE: LYNX-DEV two curiosities from IETF HTTP session., Paul Leach, 1997/12/11
- RE: LYNX-DEV two curiosities from IETF HTTP session., Yaron Goland, 1997/12/12