[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: LYNX-DEV two curiosities from IETF HTTP session.
From: |
Paul Leach |
Subject: |
RE: LYNX-DEV two curiosities from IETF HTTP session. |
Date: |
Thu, 11 Dec 1997 19:27:36 -0800 |
> ----------
> From: address@hidden:address@hidden
> Sent: Wednesday, December 10, 1997 4:48 PM
>
<snip>
> I think you are confused.... In Rev-01, only an origin server is allowed
> to generate a 305 response. It is authoritative for that resource, so
> the spoofing problems don't come up (and is the reason for that text being
> in the document...)
>
And exactly how can the browser tell that it was the origin server that sent
the 305? And not the untrustworthy proxy in between the client and the
server?
I know that normally one trusts one's proxy, but since security issues are
being raised here, the question needs to be asked.
Paul
- LYNX-DEV two curiosities from IETF HTTP session., Al Gilman, 1997/12/08
- Re: LYNX-DEV two curiosities from IETF HTTP session., Foteos Macrides, 1997/12/09
- RE: LYNX-DEV two curiosities from IETF HTTP session., Josh Cohen, 1997/12/10
- Re: LYNX-DEV two curiosities from IETF HTTP session., Foteos Macrides, 1997/12/10
- RE: LYNX-DEV two curiosities from IETF HTTP session., Yaron Goland, 1997/12/10
- Re: LYNX-DEV two curiosities from IETF HTTP session., Foteos Macrides, 1997/12/10
- RE: LYNX-DEV two curiosities from IETF HTTP session.,
Paul Leach <=
- RE: LYNX-DEV two curiosities from IETF HTTP session., Yaron Goland, 1997/12/12