W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1998

Authentication issue CNONCE: Proposed resolution

From: Larry Masinter <masinter@parc.xerox.com>
Date: Tue, 28 Jul 1998 10:58:19 PDT
To: HTTP Working Group <http-wg@cuckoo.hpl.hp.com>
Message-Id: <002501bdba51$4db3fac0$15d0000d@copper-208.parc.xerox.com>
(I'm going through the Authentication issue list
http://www.w3.org/Protocols/HTTP/Issues/ 
seeing if there are actually proposed resolutions of the open issues):

In http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0031.html
Dave Kristol wrote:

# 3.2.3 The Authentication-Info Header
# cnonce and qop are used in the calculation of response-digest.  The
# client is not required to send either cnonce= or auth=.  So I assume
# (correct?) that the null string is used for values for omitted
# attributes in the calculation.

I suggest that this be the correct interpretation, that the null
string is used for values for omitted attributes in the calculation.

# If (to use cnonce as the example) cnonce was omitted, should
# Authentication-Info omit cnonce, or should it send cnonce=""?  Same
# question for auth.

I propose that either MAY be allowed, since they are equivalent.

Larry
--
http://www.parc.xerox.com/masinter
 
Received on Tuesday, 28 July 1998 10:59:52 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:19 EDT