W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: more on Digest Auth

From: John Franks <john@math.nwu.edu>
Date: Wed, 21 Feb 1996 16:57:31 -0600 (CST)
To: Paul Leach <paulle@microsoft.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.SUN.3.91.960221164938.9736A-100000@hopf.math.nwu.edu>
On Wed, 21 Feb 1996, Paul Leach wrote:

> 
> The draft also says that the nonce is a "server specified integer 
> value". (It _doesn't_ say if it's *HEX or *DIGIT...) If it included all 
> the material Dave uses, it would be a pretty big integer, and clients 
> probably wouldn't know how to increment it.
> 
> Changing the spec to say it's *HEX, and that the last 32 bits is the 
> part that clients must increment each time they return it in a request, 
> would enable the implementation of your suggestions.
> 

Well, now I'm confused.  I have been talking about 
draft-ietf-http-digest-aa-02.txt my version of which is dated
Dec. 20, 1995 and does not contain the word "increment."

What it does say is:

     "<nonce>
         A server-specified integer value which may be uniquely generated each
         time a 401 response is made.  Servers may defend themselves against
         replay attacks by refusing to reuse nonce values.  The nonce should be
         considered opqaue (sic) by the client."

Being considered "opaque" by the client means that clients don't increment
it.

John Franks 	Dept of Math. Northwestern University
		john@math.nwu.edu
Received on Wednesday, 21 February 1996 15:02:15 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:45 EDT