W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: Digest-MessageDigest doesn't work with proxies

From: John Franks <john@math.nwu.edu>
Date: Fri, 1 Mar 1996 14:09:01 -0600 (CST)
To: Paul Leach <paulle@microsoft.com>
Cc: hallam@w3.org, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.SUN.3.91.960301140546.1014A-100000@hopf.math.nwu.edu>
On Fri, 1 Mar 1996, Paul Leach wrote:

> John said:
> ----------
> ]]
> ] > Are you just talking about D-MD, or Digest Auth for
> ] > Proxy-Authentication and Proxy-Authorization as well?
> ] >
> ]
> ] Digest-MessageDigest has been part of the draft since its very early
> ] versions.  It has limitations. I don't think we are in a position
> ] to either remove it or overcome its limitations.  The new nextnonce
> ] field seems to me to be a useful addition which is is a very modest
> ] change and not likely to lead to any unpleasant surprises.  I also
> ] agree with Paul that there is not much reason to keep the user, nonce
> ] and realm fields.  In the fullness of time we can and will create
> ] stronger ways of dealing with authentication, proxies, headers, etc.
> ]
> ] I propose that the D-MD section of this draft be:
> ]
> [omitted]
> 
> The problem is, this is broken when a proxy is involved.  I don't care 
> if you enhance the section along the lines of my suggestions, but it 
> has to work when proxies are involved, otherwise huge numbers of 
> clients can't use digest auth -- perhaps even the majority of users in 
> the near future.
> 

Are you saying it is broken for end-to-end transactions when the data
passes through proxies?  If so why?  Or is it just that it doesn't 
handle proxy authentication?


John Franks 	Dept of Math. Northwestern University
		john@math.nwu.edu
Received on Friday, 1 March 1996 12:13:41 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:47 EDT