W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: [Ietf-http-auth] Updating RFC 2617 (HTTP Digest) to use UTF-8

From: Adam Roach <adam@nostrum.com>
Date: Sun, 15 Oct 2006 12:06:13 -0500
Message-ID: <45326A85.9040204@nostrum.com>
To: lists@ingostruck.de
CC: Robert Sayre <sayrer@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>

Ingo Struck wrote:
> - some netscape descendants tend to use a stale nonce
>   after the server sent an updated nonce

As I've pointed out many times over the past several years: 2617 
contains _conflicting_ language regarding whether H(A1) should be 
recalculated upon receipt of nextnonce when using MD5-sess. It would 
take one short sentence to resolve this ambiguity one way or the other.

With conflicting language in the spec, it's no wonder that these 
implementations get it "wrong" -- they have to choose between two 
mutually exclusive statements.

Received on Sunday, 15 October 2006 17:04:56 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:40 UTC