Paul Leach wrote: > > How about -- if auth= or auth-int= are specified, cnonce= is required and > MUST be a value never used before by the client? I like requiring cnonce because it makes the implementation simpler, but the advice about changing it should be just that - advice. It does not affect interoperability. Put something in the Security Considerations. -- Scott Lawrence Consulting Engineer <lawrence@agranat.com> Agranat Systems, Inc. Embedded Web Technology http://www.agranat.com/Received on Friday, 7 August 1998 07:17:15 EDT
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:19 EDT