W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

Re: Digest mess

From: Scott Lawrence <lawrence@agranat.com>
Date: Mon, 22 Dec 1997 14:52:01 -0500
Message-Id: <199712221952.OAA21349@devnix.agranat.com>
To: John Franks <john@math.nwu.edu>
Cc: Scott Lawrence <lawrence@agranat.com>, jg@w3.org, paulle@microsoft.com, ietf-http-wg@w3.org, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

>>>>> "JF" == John Franks <john@math.nwu.edu> writes:

JF> Let me suggest a compromise here that might meet everyone's needs.

JF> To the Authentication-info header we add a "digested-headers"
JF> field with the form

JF>    dheaders="status_code:entity_length:date:L-M-date:expires"

JF> but we add the proviso that a server MAY omit any or all of the
JF> dates.  Here are the advantages I see:

JF> ...

  I think that this is a workable solution, if a verbose one, but I
  suppose that really is a good idea, and it minimizes the long term
  state required at both ends of the transaction.

JF> Just to clean things up a little I would then change the definition
JF> of entity-digest to

JF> -----------------------------------------------------------
JF>             entity-digest =
JF>                     <"> KD (H(A1), unquoted nonce-value ":"
JF>                          transaction-info ":" H(entity-body)) <">
JF>                                        ; format is <"> *LHEX <">

  Which leaves us with only whether or not to accept Pauls proposed
  change to use H(H(A1)) rather than H(A1).

  Paul - would you please give us a paragraph on the rationale for
  this; if we're going to do it I think that we will want something in
  the spec for how to use the capability it provides...

--
Scott Lawrence           EmWeb Embedded Server       <lawrence@agranat.com>
Agranat Systems, Inc.        Engineering            http://www.agranat.com/
Received on Monday, 5 January 1998 09:38:37 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:09 EDT