W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

Re: Digest mess

From: Dave Kristol <dmk@bell-labs.com>
Date: Wed, 07 Jan 1998 13:05:35 -0500
Message-Id: <34B3C3EF.4DAA423A@bell-labs.com>
To: HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
The conflicting positions (should Digest have some kind of integrity
check?) seem to stem from two different perspectives:

1) Servers want to identify users.  Neither the server nor the client is
particularly concerned about the integrity of messages (typically GETs
that return information to the client).

2) Servers want to have some assurance that stuff they receive from
clients (PUT/POST) is what was sent.  So they want an integrity check.

I think a lot of the arguing here of late has been because of the
failure to see these two perspectives.  I, and a bunch of others I've
stirred up, appear to be more interested in (1).  Scott Lawrence and
Paul Leach, at least, seem especially concerned with (2).

Can the two functions be separated so (1) can progress with "old"
Digest?

Dave Kristol
Received on Wednesday, 7 January 1998 10:14:02 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:09 EDT