- From: Adam Roach <adam@dynamicsoft.com>
- Date: Mon, 1 Dec 2003 11:00:59 -0600
- To: "'Scott Lawrence'" <scott-http@skrb.org>
- Cc: ietf-http-wg@w3.org
> > If we're opening this section for revisions, can we please > > also address the issue of whether the session key is recalculated > > when the server sends an Auth-Info header with nextnonce? > > I don't think that is ambiguous given the current text. If the server > sends a nextnonce, then it wants the client to start using it. I agree that such behavior is logical; however, the text that you just sent out says: If the "algorithm" directive's value is "MD5-sess", then A1 is calculated only once - on the first request by the client following receipt of a WWW-Authenticate challenge from the server. So... when you get a nextnonce, do you recalculate A1? Is that what you mean by "start using it?" Or do you calculate A1 "only once - on the first request by the client following receipt of a WWW-Authenticate challenge from the server," as the forgoing text indicates? /a
Received on Monday, 1 December 2003 12:01:02 UTC