W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1998

Re: CNONCE: proposed resolution

From: Dave Kristol <dmk@bell-labs.com>
Date: Mon, 03 Aug 1998 17:54:25 -0400
Message-Id: <35C63191.39F5@bell-labs.com>
To: Scott Lawrence <lawrence@agranat.com>
Cc: Paul Leach <paulle@microsoft.com>, HTTP Working Group <http-wg@cuckoo.hpl.hp.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/300
Scott Lawrence wrote:
> Paul Leach wrote:
> > I think that absence of cnonce should be illegal if qop=auth or
> > qop=auth-int is selected by the client; if the client really _demands_
> > to be totally braindead, it can send a constant as its cnonce.
> I'm also happy with that solution.

Just what does "illegal" mean?  What should a server do if it gets such
an "illegal" request?

Dave Kristol
Received on Monday, 3 August 1998 14:59:31 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:22 UTC