
Re: Authentication issue CNONCE: Proposed resolution

From: Scott Lawrence <lawrence@agranat.com>
Date: Fri, 07 Aug 1998 14:14:10 +0000
Message-Id: <35CB0BB2.981C5B68@agranat.com>
To: HTTP Working Group <http-wg@hplb.hpl.hp.com>

Paul Leach wrote:
> 
> How about -- if auth= or auth-int= are specified, cnonce= is required and
> MUST be a value never used before by the client?

I like requiring cnonce because it makes the implementation simpler, but the
advice about changing it should be just that - advice.  It does not affect
interoperability.  Put something in the Security Considerations.


-- 
Scott Lawrence           Consulting Engineer      <lawrence@agranat.com>
Agranat Systems, Inc.  Embedded Web Technology   http://www.agranat.com/
Received on Friday, 7 August 1998 07:17:15 EDT
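
The rule discussed in the message above, as an added example that is not part of the original thread or of the Working Group's text: a server-side Digest check that treats cnonce as mandatory whenever qop is present, alongside a client helper that follows the advice of using a fresh value each time. The function names and the `SAMPLE` dictionary are assumptions made for illustration; the sample values are the widely published RFC 2617 worked example, and MD5 appears only because the Digest scheme specifies it.

```python
import hashlib
import hmac
import secrets


def _h(s: str) -> str:
    # Digest authentication as specified at the time hashes with MD5.
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def new_cnonce() -> str:
    """Client side: a fresh, unpredictable cnonce per request (the advice)."""
    return secrets.token_hex(8)


def expected_response(p: dict, method: str, password: str) -> str:
    """Recompute the request-digest from parsed Authorization parameters."""
    ha1 = _h(f"{p['username']}:{p['realm']}:{password}")
    ha2 = _h(f"{method}:{p['uri']}")
    qop = p.get("qop")
    if qop is None:
        # Legacy form without qop: cnonce and nc are not part of the hash.
        return _h(f"{ha1}:{p['nonce']}:{ha2}")
    if qop != "auth":
        # auth-int also hashes the entity body; not handled here.
        raise ValueError("unsupported qop")
    # The requirement: qop present means cnonce (and nc) must be present.
    if not p.get("cnonce") or not p.get("nc"):
        raise ValueError("qop present but cnonce/nc missing")
    return _h(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{qop}:{ha2}")


def verify(p: dict, method: str, password: str) -> bool:
    """Server side: reject malformed parameter sets, compare in constant time."""
    try:
        want = expected_response(p, method, password)
    except (KeyError, ValueError):
        return False
    return hmac.compare_digest(want, p.get("response", ""))


# Sample request parameters (RFC 2617 worked example; password "Circle Of Life").
SAMPLE = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}
```

With cnonce required, the verifier has exactly two branches (no qop, or qop with cnonce and nc), and a request that names qop but omits cnonce fails before any hash comparison.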
