W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1998

Re: CNONCE: proposed resolution

From: Dave Kristol <dmk@bell-labs.com>
Date: Mon, 03 Aug 1998 17:54:25 -0400
Message-Id: <35C63191.39F5@bell-labs.com>
To: Scott Lawrence <lawrence@agranat.com>
Cc: Paul Leach <paulle@microsoft.com>, HTTP Working Group <http-wg@cuckoo.hpl.hp.com>
Scott Lawrence wrote:
> 
> Paul Leach wrote:
> 
> > I think that absence of cnonce should be illegal if qop=auth or
> > qop=auth-int is selected by the client; if the client really _demands_
> > to be totally braindead, it can send a constant as its cnonce.
> 
> I'm also happy with that solution.

Just what does "illegal" mean?  What should a server do if it gets such
an "illegal" request?

Dave Kristol
Received on Monday, 3 August 1998 14:59:31 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:19 EDT