> > If we're opening this section for revisions, can we please > > also address the issue of whether the session key is recalculated > > when the server sends an Auth-Info header with nextnonce? > > I don't think that is ambiguous given the current text. If the server > sends a nextnonce, then it wants the client to start using it. I agree that such behavior is logical; however, the text that you just sent out says: If the "algorithm" directive's value is "MD5-sess", then A1 is calculated only once - on the first request by the client following receipt of a WWW-Authenticate challenge from the server. So... when you get a nextnonce, do you recalculate A1? Is that what you mean by "start using it?" Or do you calculate A1 "only once - on the first request by the client following receipt of a WWW-Authenticate challenge from the server," as the forgoing text indicates? /aReceived on Monday, 1 December 2003 12:01:02 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 6 June 2008 08:04:28 GMT