RE: Some comments on Digest Auth

[re: embedding client IP addr in the nonce]

>If the client chooses the proxy based on URL it will work because the
>URL requested without credentials (which elicits the nonce) will be
>the same as the URL requested with credentials.  If the first request
>without credentials and the second with credentials are from different
>proxies, then you are right it will break.

this will be more common in the field as protocols such as
http://ircache.nlanr.net/Cache/ICP/draft-vinod-carp-v1-02.txt become more
popular....

Received on Wednesday, 21 January 1998 05:38:45 UTC