W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2007

Re: RFC2617, was: Straw-man charter for http-bis

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Tue, 12 Jun 2007 00:53:36 +0200
To: lists@ingostruck.de
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-Id: <1181602416.12685.76.camel@henriknordstrom.net>
mån 2007-06-11 klockan 23:15 +0000 skrev lists@ingostruck.de:

> I would say that this means that for "no value" both
> http://foo.com and https://foo.com are the same protection space,
> because they inevitably refer to the same server (apart from technical
> fancy foods like transparent nat a/o transparent proxying).
> However, most UAs consider http://foo.com and https://foo.com to be
> different servers.

Most people define server to be port specific. http and https uses
different ports.

> - move MD5-sess to a separate rfc or drop it (nobody got it right
>   and the same could be achieved with MD5)

Several got it right. But nearly nobody uses it for various reasons,
where the main one being that very few have authentication backends
capable of providing MD5-sess keying material.

How do you do MD5-sess with MD5 for the target of MD5-sess?

The target of MD5-sess is to allow Digest to operate without requiring
the Digest server to have access to the static H(A1) (somewhat security
sensitive).

Regards
Henrik

Received on Monday, 11 June 2007 22:53:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:10 GMT