- From: Fisher Mark <fisherm@tce.com>
- Date: Thu, 14 May 1998 09:22:08 -0500
- To: http-wg@cuckoo.hpl.hp.com
Dave Kristol wrote: >2) <http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0035.html> > >Recommending that the (Digest) nonce include Etag seems like a bad >idea -- it makes the nonce non-reusable for other entities. I think that allowing, but not recommending, the Etag in the nonce is the best course. There is some (slight?) security gain by doing so, but with the major disadvantage of non-reusability. (This should likely be documented...) ========================================================== Mark Leighton Fisher Thomson Consumer Electronics fisherm@indy.tce.com Indianapolis, IN "Browser Torture Specialist, First Class"
Received on Thursday, 14 May 1998 07:25:51 UTC