W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Digest mess

From: John Franks <john@math.nwu.edu>
Date: Wed, 17 Dec 1997 11:32:02 -0600 (CST)
To: "John C. Mallery" <jcma@ai.mit.edu>
Cc: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>, rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.LNX.3.95.971217112454.6533A-100000@hopf.math.nwu.edu>
On Wed, 17 Dec 1997, John C. Mallery wrote:

> 
> It has to provide a hash of the return codes and a hash of
> the entity to achieve its full potential.  This allows client
> to know that you have the right entity body and it allows 
> the client to know how the server processed the request,
> i.e. the entire transaction is authenticated. This point
> has been raised before on the list.  I can't why it isn't
> dead obvious.
> 

Let me repeat: ALL OF THIS IS IN THE CURRENT DRAFT.  And there
are implementations.

I don't understand your point.  Are you arguing that the 
Authentication-info header should not be optional?  In that
case it would not be feasible to use digest for things like
registering newspaper readers where authenticating every article
would not be worth the overhead.


John Franks
john@math.nwu.edu
Received on Wednesday, 17 December 1997 09:37:18 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:05 EDT