W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

Digest auth and Range and qop=auth-int

From: Dave Kristol <dmk@research.bell-labs.com>
Date: Wed, 15 Apr 1998 11:46:17 -0400 (EDT)
Message-Id: <199804151546.LAA14190@aleatory.research.bell-labs.com>
To: http-wg@cuckoo.hpl.hp.com
Just want to do a reality check.  Suppose we have

1) C<-S
    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Digest ... qop="auth,auth-int", ...

2) C->S
    GET / HTTP/1.1
    Host: foo
    Range: bytes=0-1,2-3
    Authorization: Digest ... qop=auth-int, ...,
    	response="d1837789f989729e19578e86cadbd06e", ...

3) C<-S
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Apr 1998 15:26:04 GMT
    Server: DMKHTD/1.06c
    Content-type: multipart/byteranges; boundary=xyzzy
    Last-modified: Wed, 27 Nov 1996 22:36:24 GMT
    Etag: "1e7d0a-6ac-329cc268"
    Authentication-Info: ... rspauth=<stuff>, ...

    --xyzzy
    Content-type: text/html
    Content-range: bytes 0-1/1708

    <H
    --xyzzy
    Content-type: text/html
    Content-range: bytes 2-3/1708

    TM
    --xyzzy--

Now, response-digest computes
   A2       = Status-Code ":" digest-uri-value ":" H(entity-body)

I assume that entity-body in this context comprises all the stuff that
gets returned as a response, including multipart boundaries and
embedded headers in each part.

Sounds like fun to implement.

Dave Kristol
Received on Wednesday, 15 April 1998 08:52:47 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:14 EDT