RE: LYNX-DEV two curiosities from IETF HTTP session.

[Yaron Goland]

I doubt any commercial browser will implement 305 without some very serious
security provided to assure that the proxy asking for the one time redirect
is going to get it. I would suggest that this problem needs to be dealt with
in the large 305/306 context, in a stand alone spec, and that the draft
standard for HTTP should simply state that 305 has been deprecated and
SHOULD NOT be implemented.

        Yaron

> -----Original Message-----
> From: address@hidden [SMTP:address@hidden
> Sent: Wednesday, December 10, 1997 10:02 AM
> To:   Josh Cohen
> Cc:   Foteos Macrides; address@hidden;
> address@hidden
> Subject:      RE: LYNX-DEV two curiosities from IETF HTTP session.
> 
> Here's what I think needs to happen:
> 
> It looks to me as though we may need a clarification to Rev-01 on 305 (use
> 
> this proxy for a single request) to to match the existing Lynx behavior, 
> if that is actually the "right thing" for the desired semantics (single 
> time redirection to a proxy). (previous comments say that we're pretty
> close 
> to that now in Rev-01, but a bit of further tweaking is needed).
> 
> And the full "go use this proxy forever" functionality (i.e. what we
> called 
> 306) needs to get addressed somehow, but in an independent (not HTTP/1.1 
> document (and concievably, outside of HTTP altogether, if that seems the 
> right solution.).  This one nees to deal with all the security/trust
> problems 
> identified in the discussion on 306 in the mailing list.      
> 
>                                               - Jim
>