W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1998

RE: Etag in nonce

From: Fisher Mark <fisherm@tce.com>
Date: Thu, 14 May 1998 09:22:08 -0500
Message-Id: <2C396693FBDED111AEF60000F84104A721BEB4@indyexch_fddi.indy.tce.com>
To: http-wg@cuckoo.hpl.hp.com
Dave Kristol wrote:
>2) <http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0035.html>
>
>Recommending that the (Digest) nonce include Etag seems like a bad
>idea -- it makes the nonce non-reusable for other entities.

I think that allowing, but not recommending, the Etag in the nonce is
the best course.  There is some (slight?) security gain by doing so, but
with the major disadvantage of non-reusability.  (This should likely be
documented...)
==========================================================
Mark Leighton Fisher          Thomson Consumer Electronics
fisherm@indy.tce.com          Indianapolis, IN
"Browser Torture Specialist, First Class"
Received on Thursday, 14 May 1998 07:25:51 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:18 EDT