W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

RE: Some comments on Digest Auth

From: Dave Kristol <dmk@research.bell-labs.com>
Date: Mon, 19 Jan 98 17:58:15 EST
Message-Id: <9801192258.AA21499@aleatory.tempo.bell-labs.com>
To: yarong@microsoft.com
Cc: http-wg@cuckoo.hpl.hp.com
Yaron Goland <yarong@microsoft.com> wrote:

  > Oh wait, I thought we were requiring that nonces never be re-used. If not
  > then that is cool, the next-nonce header should go into a SEPARATE
  > specification from the draft digest auth proposal. Since it is 100%
  > compatible with RFC 2069 and the draft digest auth proposal I don't see any
  > reason to shove it into the main digest auth spec. It can ride on its own.

My understanding is that the behavior of "nonce" is at the origin
server's discretion.  It can be one-time, time-limited, eternal,
whatever.  It's up to the implementation.

Dave Kristol
Received on Monday, 19 January 1998 15:02:50 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:10 EDT