W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1998

Fwd: Closures for remaining technical Digest Issues

From: Jim Gettys <jg@pa.dec.com>
Date: Mon, 10 Aug 1998 12:26:00 -0700
Message-Id: <9808101926.AA02167@pachyderm.pa.dec.com>
To: http-wg@hplb.hpl.hp.com
This mail should clearly have gone to the general mailing list....

I'm updating the issues list to reflect this.
			- Jim

attached mail follows:


a1 REQUEST-DIGEST:   
    http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0031.html

    I believe that the suggested resolution in the mail is correct 
    - the syntax should just be:

        request-digest = <"> *LHEX <">

a2 CNONCE:

    I just posted by suggestion about this - use the null string, add
    a little text to security considerations about why it is a bad idea.

a3 NONCE-ETAG:

    I believe that Larrys message on this was on the mark
    ( http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q3/0028.html )
    to leave it as is.  There has been no objection, so leave it.

a4 DIGEST-MULTIPART 
   http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0040.html

   is, I think, not an issue - if you think that we need some text   
   clarifying what is meant by entity-body in a multipart response, then
   I guess we could add some, but I can't think where it belongs - ideas?

a5 CHALLENGE-ORDER
   I posted my proposed fix as:
   http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q3/0057.html

   it has been suggested that the statement I put in about not using
   basic or other replayable scheme is redundant.  I like it, and think
   that it will make the IESG happier, but use your own judgement.  There
   has been no other substantive comment.

I think that closes all the technical issues.

-- 
Scott Lawrence           Consulting Engineer      <lawrence@agranat.com>
Agranat Systems, Inc.  Embedded Web Technology   http://www.agranat.com/

attached mail follows:


Scott Lawrence <lawrence@agranat.com> wrote:
  > a4 DIGEST-MULTIPART 
  >    http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0040.html
  > 
  >    is, I think, not an issue - if you think that we need some text   
  >    clarifying what is meant by entity-body in a multipart response, then
  >    I guess we could add some, but I can't think where it belongs - ideas?

I, for one, think it deserves a clarification.  (If it had been clear,
I wouldn't have asked my question.)

I need to leave for the day, but I can try to suggest words and
pinpoint a place to put them tomorrow, unless someone else beats me to
it.

Dave

attached mail follows:


  >   > a4 DIGEST-MULTIPART 
  >   >    http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0040.html
  >   > 
  >   >    is, I think, not an issue - if you think that we need some text   
  >   >    clarifying what is meant by entity-body in a multipart response, then
  >   >    I guess we could add some, but I can't think where it belongs - ideas?
  > 
  > I, for one, think it deserves a clarification.  (If it had been clear,
  > I wouldn't have asked my question.)
  > 
  > I need to leave for the day, but I can try to suggest words and
  > pinpoint a place to put them tomorrow, unless someone else beats me to
  > it.

As promised, a proposal:
In "3.2.2 The Authorization Request Header", amend this paragraph:

    Also note that if integrity protection is applied (qop=auth-int),
    the H(entity-body) is the hash of the entity body, not the
    message body - it is computed before any transfer encoding is
    applied by the sender and after it has been removed by the
    recipient.

Add to it:
    Further note that, if the entity comprises a multipart message-body,
    H(entity-body) is a hash of the entire multi-part message-body,
    including its MIME header parts.

attached mail follows:



On Tue, 4 Aug 1998, Dave Kristol wrote:

> Add to it:
>     Further note that, if the entity comprises a multipart message-body,
>     H(entity-body) is a hash of the entire multi-part message-body,
>     including its MIME header parts.

Sounds good.
Received on Monday, 10 August 1998 12:28:03 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:20 EDT