W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: more on Digest Auth

From: Larry Masinter <masinter@parc.xerox.com>
Date: Thu, 22 Feb 1996 02:31:44 PST
To: john@math.nwu.edu
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, dmk@allegra.att.com
Message-Id: <96Feb22.023151pst.2733@golden.parc.xerox.com>
John,

My notes say that we are expecting a new draft of digest
authentication from the authors, of which you are one.

It was my impression that this new draft would include:

 * Adding an algorithm parameter.
 * Describe in detail construction of nonces.
	Here there are a number of tricks already in use which ensure that
	a nonce is only valid for requests comming from a single TCP/IP
	address.
 * Fix dependence on 'extension mechanism'.       
 * Enhance 'security considerations' section to explain limitations.

and that the latter part would cover in sufficient detail the issues
raised in the various critiques of Digest Authentication, so that
those who were considering this extension would be fully informed.

With these edits, we might be able to move forward with "Digest".
Without them, I don't see that we can.

Your note left me with the impression that you are unaware of any
plans to update the specification.

Did I just imagine that we were going to see a revised draft? If not
from you, from whom?
Received on Thursday, 22 February 1996 02:35:27 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:46 EDT