W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

On te, and on case in the digest example (2nd send)

From: Daniel Hellerstein <danielh@mailbox.econ.ag.gov>
Date: Wed, 29 Apr 1998 10:48:15 -0400
Message-Id: <s54705a0.095@MAILBOX.ECON.AG.GOV>
To: http-wg@cuckoo.hpl.hp.com


2) The example on pg 17 of the digest authentication draft
should mention a  few gotchas:

i) method of GET is used (GET, not get, is used)

ii) the 32 hex character md5 (not the 128 bit) is used in H(), with
lower case abcdef characters used.   Given that the content-md5
header uses a pack64 of the 128 bit hash, reiterating that the
example uses a "lower case 32 hex-char" hash might save a 
few headaches.

iii)The example nonce (pg 9)
 time-stamp H(time-stamp ":" ETag ":" private-key)   
was a bit hard to read -- at least I missed that it meant
"concatenate time-stamp with  H(time-stamp ":" ETag ":" private-key),
and then you can use the unhashed time-stamp to verify the
nonce.
Received on Wednesday, 29 April 1998 08:05:04 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:15 EDT