This mail should clearly have gone to the general mailing list.... I'm updating the issues list to reflect this. - Jim
attached mail follows:
a1 REQUEST-DIGEST:
http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0031.html
I believe that the suggested resolution in the mail is correct
- the syntax should just be:
request-digest = <"> *LHEX <">
a2 CNONCE:
I just posted by suggestion about this - use the null string, add
a little text to security considerations about why it is a bad idea.
a3 NONCE-ETAG:
I believe that Larrys message on this was on the mark
( http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q3/0028.html )
to leave it as is. There has been no objection, so leave it.
a4 DIGEST-MULTIPART
http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0040.html
is, I think, not an issue - if you think that we need some text
clarifying what is meant by entity-body in a multipart response, then
I guess we could add some, but I can't think where it belongs - ideas?
a5 CHALLENGE-ORDER
I posted my proposed fix as:
http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q3/0057.html
it has been suggested that the statement I put in about not using
basic or other replayable scheme is redundant. I like it, and think
that it will make the IESG happier, but use your own judgement. There
has been no other substantive comment.
I think that closes all the technical issues.
--
Scott Lawrence Consulting Engineer <lawrence@agranat.com>
Agranat Systems, Inc. Embedded Web Technology http://www.agranat.com/
attached mail follows:
Scott Lawrence <lawrence@agranat.com> wrote: > a4 DIGEST-MULTIPART > http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0040.html > > is, I think, not an issue - if you think that we need some text > clarifying what is meant by entity-body in a multipart response, then > I guess we could add some, but I can't think where it belongs - ideas? I, for one, think it deserves a clarification. (If it had been clear, I wouldn't have asked my question.) I need to leave for the day, but I can try to suggest words and pinpoint a place to put them tomorrow, unless someone else beats me to it. Dave
attached mail follows:
> > a4 DIGEST-MULTIPART > > http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0040.html > > > > is, I think, not an issue - if you think that we need some text > > clarifying what is meant by entity-body in a multipart response, then > > I guess we could add some, but I can't think where it belongs - ideas? > > I, for one, think it deserves a clarification. (If it had been clear, > I wouldn't have asked my question.) > > I need to leave for the day, but I can try to suggest words and > pinpoint a place to put them tomorrow, unless someone else beats me to > it. As promised, a proposal: In "3.2.2 The Authorization Request Header", amend this paragraph: Also note that if integrity protection is applied (qop=auth-int), the H(entity-body) is the hash of the entity body, not the message body - it is computed before any transfer encoding is applied by the sender and after it has been removed by the recipient. Add to it: Further note that, if the entity comprises a multipart message-body, H(entity-body) is a hash of the entire multi-part message-body, including its MIME header parts.
attached mail follows:
On Tue, 4 Aug 1998, Dave Kristol wrote: > Add to it: > Further note that, if the entity comprises a multipart message-body, > H(entity-body) is a hash of the entire multi-part message-body, > including its MIME header parts. Sounds good.Received on Monday, 10 August 1998 12:28:03 EDT
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:20 EDT