W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

Re: comments on draft-ietf-http-authentication-01.txt

From: Scott Lawrence <lawrence@agranat.com>
Date: Sun, 29 Mar 1998 14:01:57 -0500
Message-Id: <199803291901.OAA01234@devnix.agranat.com>
To: Dave Kristol <dmk@bell-labs.com>
Cc: Paul Leach <paulle@microsoft.com>, http-wg@cuckoo.hpl.hp.com

>>>>> "DK" == Dave Kristol <dmk@bell-labs.com> writes:

DK> Sect. 3.2.3, The Authentication-Info Header
DK>     What should a client do if the rspauth=response-digest information
DK>     is wrong?

PL> Not accept the response.

DK> How does a client, which has already read a response, "not accept
DK> [it]"?  I'm picking nits here, true.  Does it mean that a browser would
DK> show the user an error saying that the received response was in error?
DK> Or does it just stop spinning its logo and leave on the screen what was
DK> already there?

  How does a browser indicate now when the certificate from an SSL
  connection does not check out or the messages arriving on the
  connection do not have valid signatures?  The User Agent should do
  the right thing - authentication has failed.

--
Scott Lawrence           EmWeb Embedded Server       <lawrence@agranat.com>
Agranat Systems, Inc.        Engineering            http://www.agranat.com/
Received on Sunday, 29 March 1998 11:21:56 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:14 EDT