W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

RE: Some comments on Digest Auth

From: Vinod Valloppillil <vinodv@microsoft.com>
Date: Tue, 20 Jan 1998 15:30:44 -0800
Message-Id: <5CEA8663F24DD111A96100805FFE658701FDE65F@red-msg-51.dns.microsoft.com>
To: 'John Franks' <john@math.nwu.edu>, Paul Leach <paulle@microsoft.com>
Cc: Dave Kristol <dmk@bell-labs.com>, Yaron Goland <yarong@microsoft.com>, http-wg@cuckoo.hpl.hp.com
[re: embedding client IP addr in the nonce]

>If the client chooses the proxy based on URL it will work because the
>URL requested without credentials (which elicits the nonce) will be
>the same as the URL requested with credentials.  If the first request
>without credentials and the second with credentials are from different
>proxies, then you are right it will break.

this will be more common in the field as protocols such as
http://ircache.nlanr.net/Cache/ICP/draft-vinod-carp-v1-02.txt become more
popular....
Received on Wednesday, 21 January 1998 05:38:45 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:11 EDT