
Re: more minor Digest Auth editorial comments

From: John Franks <john@math.nwu.edu>
Date: Wed, 28 Feb 1996 08:00:21 -0600 (CST)
To: Paul Leach <paulle@microsoft.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.SUN.3.91.960228074420.25117A-100000@hopf.math.nwu.edu>

On Tue, 27 Feb 1996, Paul Leach wrote:

> I made these before, but they may have been lost in the incrementing 
> discussion.
> 1. A definition of what is "message-body" in section 2.1 needs to be 
> given. Does it include entity-headers, general-headers, 
> response-headers (when sent by server) or request-headers (when sent by 
> client), as well as the entity-body?

I have changed <message-body> to <entity-body> and added the two sentences:

   The <entity-body> is the "entity body" as
   prescribed in the Hypertext Transfer Protocol.  It consists of the
   data transferred after the <CRLF><CRLF> signaling the end of the 
   entity headers.

> 2. In the security considerations section, the rationale for including
> client IP in the recommended nonce needs to be given, over just
> checking the IP address of a later request containing a nonce against
> the IP address to which the nonce was originally given. Is it to
> reduce the amount of state that the server needs to hold?

It is done so the server can be stateless.  As far as I know there
are no stateful implementations of Digest Authentication.  I have
added the following sentence to section 3.2

   Digesting the client
   IP and timestamp in the nonce permits an implementation which does
   not maintain state between transactions.

On a related topic, I don't want to move the recommended nonce
construction material to an appendix.  This might make sense from
an editorial point of view, but we were explicitly charged with
expanding the nonce section and I want it to be very clear we have
met this charge, not just tacked on an appendix.  

John Franks 	Dept of Math. Northwestern University
Received on Wednesday, 28 February 1996 06:03:20 UTC
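
An added example, not part of the original message or of the Digest draft: a server that digests the client IP and a timestamp into the nonce can validate a returned nonce from the request alone, with no per-client table. The nonce layout (cleartext timestamp plus an HMAC-SHA256 tag), `SERVER_SECRET`, `MAX_AGE` and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

SERVER_SECRET = b"constructed-demo-secret"  # assumption: per-server key, never sent
MAX_AGE = 60  # assumption: seconds a nonce stays acceptable


def _tag(client_ip: str, ts: str) -> bytes:
    # Digest the timestamp and client IP under the server secret.
    msg = f"{ts}:{client_ip}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest().encode()


def make_nonce(client_ip: str, now: Optional[float] = None) -> str:
    """Issue a nonce for this client; nothing is stored on the server."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_tag(client_ip, ts).decode()}"


def check_nonce(nonce: str, client_ip: str, now: Optional[float] = None) -> str:
    """Return 'ok', 'stale' or 'invalid' using only the nonce and the request."""
    now = time.time() if now is None else now
    ts, sep, tag = nonce.partition(":")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return "invalid"
    # Recompute the tag from the address this request arrived from. A nonce
    # issued to another address, or one with an edited timestamp, fails here.
    if not hmac.compare_digest(tag.encode(), _tag(client_ip, ts)):
        return "invalid"
    age = now - int(ts)
    if age < 0 or age > MAX_AGE:
        return "stale"  # authentic but too old: issue a fresh nonce
    return "ok"


if __name__ == "__main__":
    n = make_nonce("192.0.2.10", now=1000)  # constructed sample values
    print(check_nonce(n, "192.0.2.10", now=1030))
    print(check_nonce(n, "192.0.2.99", now=1030))
    print(check_nonce(n, "192.0.2.10", now=2000))
```
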
