W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

Re: Digest mess

From: Larry Masinter <masinter@parc.xerox.com>
Date: Tue, 6 Jan 1998 18:36:21 PST
Message-Id: <34B2EA25.CC3027C9@parc.xerox.com>
To: John Franks <john@math.nwu.edu>
Cc: Dave Kristol <dmk@bell-labs.com>, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
> A number of others have echoed this sentiment.  There may be an
> emerging consensus to undock all the entity-digest and
> Authentication-info parts of the current digest specification, leaving
> digest as a simple replacement for Basic authentication with precisely
> the same functionality, but with the elimination of cleartext
> passwords.
> 
> I have no problem with this.  I think it does not break existing
> implementations because the parts to be removed are optional.
> 
> This would then allow interested parties to pursue "digest-ng" which
> could be incompatible and in particular could authenticate the server
> to the client by the use of client nonces.  It could also deal with
> the issues of digesting headers.

This sounds like a good plan. It might be that "digest-ng" should
be proposed to the WTS working group, however.

Larry
-- 
http://www.parc.xerox.com/masinter
Received on Tuesday, 6 January 1998 18:42:45 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:09 EDT