Ingo Struck wrote: > - some netscape descendants tend to use a stale nonce > after the server sent an updated nonce As I've pointed out many times over the past several years: 2617 contains _conflicting_ language regarding whether H(A1) should be recalculated upon receipt of nextnonce when using MD5-sess. It would take one short sentence to resolve this ambiguity one way or the other. With conflicting language in the spec, it's no wonder that these implementations get it "wrong" -- they have to choose between two mutually exclusive statements. /aReceived on Sunday, 15 October 2006 17:04:56 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:38:24 GMT