W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1998

Re: Authentication issue CNONCE: Proposed resolution

From: Scott Lawrence <lawrence@agranat.com>
Date: Fri, 07 Aug 1998 14:14:10 +0000
Message-Id: <35CB0BB2.981C5B68@agranat.com>
To: HTTP Working Group <http-wg@hplb.hpl.hp.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/315
Paul Leach wrote:
> How about -- if auth= or auth-int= are specified, cnonce= is required and
> MUST be a value never used before by the client?

I like requiring cnonce because it makes the implementation simpler, but the
advice about changing it should be just that - advice.  It does not affect
interoperability.  Put something in the Security Considerations.

Scott Lawrence           Consulting Engineer      <lawrence@agranat.com>
Agranat Systems, Inc.  Embedded Web Technology   http://www.agranat.com/
Received on Friday, 7 August 1998 07:17:15 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:23 UTC