W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

Re: Digest mess

From: John Franks <john@math.nwu.edu>
Date: Mon, 22 Dec 1997 14:16:06 -0600 (CST)
To: Scott Lawrence <lawrence@agranat.com>
Cc: paulle@microsoft.com, ietf-http-wg@w3.org, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.LNX.3.96.971222140842.1184A-100000@hopf.math.nwu.edu>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/5044
On Mon, 22 Dec 1997, Scott Lawrence wrote:

>   Which leaves us with only whether or not to accept Pauls proposed
>   change to use H(H(A1)) rather than H(A1).

One other question.  Dave Kristol asked me what keeps a man in 
the middle from stripping the digest from the response.  I said
the digest-required field.   But I'm not sure I'm right.  It looks
like only the server can use digest-required now.  Do we want to
let the client require a digest also?  If so how?

John Franks
Received on Monday, 5 January 1998 09:36:46 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:22 UTC