- From: Adam Roach <adam@nostrum.com>
- Date: Sun, 15 Oct 2006 12:06:13 -0500
- To: lists@ingostruck.de
- CC: Robert Sayre <sayrer@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>

Ingo Struck wrote:
> - some netscape descendants tend to use a stale nonce
> after the server sent an updated nonce

As I've pointed out many times over the past several years: 2617 contains _conflicting_ language regarding whether H(A1) should be recalculated upon receipt of nextnonce when using MD5-sess. It would take one short sentence to resolve this ambiguity one way or the other.

With conflicting language in the spec, it's no wonder that these implementations get it "wrong" -- they have to choose between two mutually exclusive statements.

/a

Received on Sunday, 15 October 2006 17:04:56 UTC
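
Added example, not part of the original message: a sketch of why the two readings of MD5-sess cannot interoperate, using the RFC 2617 formulas for H(A1) and the qop=auth request-digest. The credentials, nonces, cnonces and URI are constructed sample values, and using the second cnonce when H(A1) is recalculated is an assumption of this sketch.

```python
import hashlib
import hmac

def H(data: str) -> str:
    """H() from RFC 2617: MD5 over the string, as lowercase hex."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()

def sess_ha1(user, realm, password, nonce, cnonce):
    """MD5-sess: H(A1), where A1 = H(user:realm:passwd) ":" nonce ":" cnonce."""
    return H(":".join([H(f"{user}:{realm}:{password}"), nonce, cnonce]))

def digest_response(ha1, nonce, nc, cnonce, method, uri):
    """request-digest for qop=auth: KD(H(A1), nonce:nc:cnonce:qop:H(A2))."""
    ha2 = H(f"{method}:{uri}")
    return H(":".join([ha1, nonce, nc, cnonce, "auth", ha2]))

# Constructed sample values (assumptions, not from the original message).
USER, REALM, PASSWORD = "alice", "example", "correct horse"
CHALLENGE_NONCE, CNONCE_1 = "nonce-from-401", "cnonce-1"
NEXTNONCE, CNONCE_2 = "nonce-from-nextnonce", "cnonce-2"

def request_after_nextnonce(recalculate_ha1: bool) -> str:
    """Digest for the first request sent after Authentication-Info nextnonce."""
    if recalculate_ha1:
        # Reading 1: the session key is rebuilt from the new nonce
        # (pairing it with the new cnonce is this sketch's assumption).
        ha1 = sess_ha1(USER, REALM, PASSWORD, NEXTNONCE, CNONCE_2)
    else:
        # Reading 2: H(A1) stays tied to the nonce of the original challenge.
        ha1 = sess_ha1(USER, REALM, PASSWORD, CHALLENGE_NONCE, CNONCE_1)
    # Either way the request itself carries the new nonce and a fresh cnonce.
    return digest_response(ha1, NEXTNONCE, "00000001", CNONCE_2, "GET", "/index.html")

def server_accepts(client_recalculates: bool, server_recalculates: bool) -> bool:
    """True when client and server derive the same digest for that request."""
    sent = request_after_nextnonce(client_recalculates)
    expected = request_after_nextnonce(server_recalculates)
    return hmac.compare_digest(sent, expected)

if __name__ == "__main__":
    for client in (True, False):
        for server in (True, False):
            verdict = "accepted" if server_accepts(client, server) else "rejected"
            print(f"client recalculates={client!s:5} server recalculates={server!s:5} -> {verdict}")
```
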