Folks, I'm sorry I raised this question without looking at the implications. The HTTP document draft-ietf-http-v11-spec-07.txt has explicit instructions: > 19.8.4 Possible Merge With Digest Authentication Draft > Note that the working group draft for Digest Authentication may be > processed by the IESG at the same time as this document; we leave it to > the RFC editor to decide whether to issue a single RFC containing both > drafts (see section 11.2 for where it would be put); in any case, the > reference in the reference list will need to be either deleted, or made > to the appropriate RFC (and section 11.2 deleted). and then in section 11.2: > 11.2 Digest Authentication Scheme > Note for the RFC editor: This section is reserved for including the > Digest Authentication specification, or if the RFC editor chooses to > issue a single RFC rather than two RFC's, this section should be > deleted. We were asked for confirmation that it was our intent to merge the two drafts. I don't think we have any other choices than either: a) delete section 11.2, and ignore 19.8.4 b) edit digest-aa in such a way that it is suitable for inserting into v11-spec as a revised section 11.2. However, on looking over digest-aa, it seems to me that just inserting it as chapter 11.2 is unworkable; the results would be an unreadable mess. First, digest-aa repeats many of the definitions of v11-spec, and has an extensive security considerations section. I think what we should do is craft a replacement paragraph for section 11.2. I suggest: "The HTTP/1.1 protocol includes a Digest Authentication Scheme, which is described in RFC xxxx." LarryReceived on Monday, 26 August 1996 12:27:48 EDT
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:08 EDT