W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: more minor Digest Auth editorial comments

From: Roy T. Fielding <fielding@avron.ICS.UCI.EDU>
Date: Thu, 29 Feb 1996 00:40:59 -0800
To: Paul Leach <paulle@microsoft.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <9602290041.aa19769@paris.ics.uci.edu>
>    <header-digest> is a keyed digest over the entity headers (as defined by
>    HTTP -- e.g., as of HTTP/1.1, Content-Type and other Content-* headers,
>    Last-Modified, Expires, etc.) It is computed as

That won't work.  HTTP header fields of the same name can be appended
together, and header fields of different names can be reordered, by
any HTTP recipient without changing the semantics of the message.
The only way to digest the header fields is to first encapsulate them
using something like WRAPPED or MOSS.


 ...Roy T. Fielding
    Department of Information & Computer Science    (fielding@ics.uci.edu)
    University of California, Irvine, CA 92717-3425    fax:+1(714)824-4056
    http://www.ics.uci.edu/~fielding/
Received on Thursday, 29 February 1996 00:45:12 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:47 EDT