W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: [Ietf-http-auth] Updating RFC 2617 (HTTP Digest) to use UTF-8

From: Sylvain Hellegouarch <sh@defuze.org>
Date: Mon, 16 Oct 2006 10:05:25 +0100
Message-ID: <45334B55.70300@defuze.org>
To: Robert Sayre <sayrer@gmail.com>
CC: lists@ingostruck.de, Adam Roach <adam@nostrum.com>, HTTP Working Group <ietf-http-wg@w3.org>


> No, it's a feature by feature test. Basic works for some people some
> of the time, and MD5-sess doesn't. The cause is irrelevant. It could
> be that the spec is too difficult to implement, the spec is not worth
> implementing, the specified protocol doesn't work at all, or that
> browser engineers are dumb. It doesn't really matter--the document is
> really old by now, and the workable parts are clear.
> 

The first time I've implemented Digest for the CherryPy server (a Python
HTTP 1.0/1.1 server) I was so surprised RFC2617 was so difficult to
decrypt. I must say to this date I have no idea to say whether or not my
implementation is correct or not and the worse is that there is no way
to test this anyway considering no one can provide a definitive
implementation against which to test or to compare.

I do not pretend having any authority on that matter but as Robert says
the document has grown old now and it really ought to be updated and
clarified.

- Sylvain

BTW, for those interested here is the implementation:
http://www.cherrypy.org/browser/trunk/cherrypy/lib/auth.py
http://www.cherrypy.org/browser/trunk/cherrypy/lib/httpauth.py
Received on Monday, 16 October 2006 09:09:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:53 GMT