- From: Scott Lawrence <lawrence@agranat.com>
- Date: Fri, 07 Aug 1998 14:14:10 +0000
- To: HTTP Working Group <http-wg@hplb.hpl.hp.com>
Paul Leach wrote: > > How about -- if auth= or auth-int= are specified, cnonce= is required and > MUST be a value never used before by the client? I like requiring cnonce because it makes the implementation simpler, but the advice about changing it should be just that - advice. It does not affect interoperability. Put something in the Security Considerations. -- Scott Lawrence Consulting Engineer <lawrence@agranat.com> Agranat Systems, Inc. Embedded Web Technology http://www.agranat.com/
Received on Friday, 7 August 1998 07:17:15 UTC