- From: Henrik Nordström <henrik@henriknordstrom.net>
- Date: Thu, 01 Mar 2012 01:58:43 +0100
- To: Adrien de Croy <adrien@qbik.com>
- Cc: ietf-http-wg@w3.org
tor 2012-03-01 klockan 13:13 +1300 skrev Adrien de Croy: > > NTLM could be made non-connection-oriented if http auth had some sort of > context attribute that identified the auth conversation (in both > challenges and responses), instead of having to associate it with the > connection. Yes. Also would have been quite trivial for NTLM/Negotiate to use a hashed session cookie similar to how Digest operates. NTLM have shared secrets only known to client & server. Which is again the question if auth framework should have some kind of session concept, or if that belongs in the auth scheme. Regards Henrik
Received on Thursday, 1 March 2012 00:59:11 UTC