comments on draft-ietf-http-digest-aa-02.txt

From: Peter J Churchyard <pjc@trusted.com>
Date: Tue, 20 Feb 1996 16:43:29 -0500 (EST)
Message-Id: <9602202143.AA15618@hilo.trusted.com>
To: Ned Freed <NED@innosoft.com>
Cc: NED@innosoft.com, rtor@ansa.co.uk, fielding@avron.ICS.UCI.EDU, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

The draft mixes a number of parts together. It provides for
user authentication, request integrity and response integrity.

So it is more than just an authentication mechanism. The authentication
part is needed for the other two but could/should be untangled.

The parameterization can be used to cover an APOP style mechanism except that
the signature domain is not configurable. The suggested domain is

	H( H(A1) + ":" + N + ":" + H(A2))

The property H(A1) is fixed for a particular User/realm/triplet. So could be
replaced by the value A1, that is, H(A1) is the shared secret.

	H(A2)

The uri sans proxy/routing is not very exact. Could it be specified as a
rel_path?

Mapping APOP digest onto this would give a domain of
	N+P

Pete.
-- 
The TIS Network Security Products Group has moved!
voice: 301-527-9500 x123 fax: 301-527-0482
2277 Research Boulevard, 5th Floor, Rockville, MD 20850
Received on Tuesday, 20 February 1996 13:49:11 EST
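
The two signature domains compared in the message, as an added Python example that is not part of the original message or the draft. It assumes H is MD5, A1 = user:realm:password and A2 = method:uri; the function names and the Digest sample values are constructed for illustration, and the APOP challenge and secret are the example values from RFC 1939.

```python
import hashlib
import hmac

def H(text: str) -> str:
    """H() from the message; MD5 with hex output is an assumption."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def h_a1(user: str, realm: str, password: str) -> str:
    # Assumed A1 = user:realm:password. The result never changes for a
    # given user/realm/password, so it is what a server would store.
    return H(f"{user}:{realm}:{password}")

def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    # H( H(A1) + ":" + N + ":" + H(A2) ), with assumed A2 = method:uri.
    # Only H(A1) is needed here, never the password itself.
    ha2 = H(f"{method}:{uri}")
    return H(f"{ha1}:{nonce}:{ha2}")

def apop_digest(nonce: str, password: str) -> str:
    # APOP domain from the message: N+P (challenge followed by the secret).
    return H(nonce + password)

def server_verify(stored_ha1: str, nonce: str, method: str, uri: str,
                  response: str) -> bool:
    # Recompute from the stored H(A1) and compare in constant time.
    expected = digest_response(stored_ha1, nonce, method, uri)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    # Constructed sample values, not taken from the draft or the message.
    stored = h_a1("alice", "example-realm", "correct horse")
    nonce = "constructed-nonce-0001"
    uri = "/dir/index.html"
    resp = digest_response(stored, nonce, "GET", uri)
    return {
        "accepted": server_verify(stored, nonce, "GET", uri, resp),
        # The same response fails for another URI or another nonce.
        "other_uri": server_verify(stored, nonce, "GET", "/other", resp),
        "other_nonce": server_verify(stored, "constructed-nonce-0002",
                                     "GET", uri, resp),
        # APOP has no request component: the digest covers only N and P.
        "apop": apop_digest("<1896.697170952@dbc.mtview.ca.us>", "tanstaaf"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because the response is computed from H(A1) alone, a stored H(A1) is equivalent to the password within its realm and needs the same protection.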