- From: Peter J Churchyard <pjc@trusted.com>
- Date: Tue, 20 Feb 1996 16:43:29 -0500 (EST)
- To: Ned Freed <NED@innosoft.com>
- Cc: NED@innosoft.com, rtor@ansa.co.uk, fielding@avron.ICS.UCI.EDU, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
The draft mixes a number of parts together. It provides for user authentication, request integrity and response integrity. So it is more than just an authentication mechanism. The authentication part is needed for the other two but could/should be untangled. The parameterization can be used to cover an APOP style mechanism except that the signature domain is not configurable. The suggested domain is H( H(A1) + ":" + N + ":" + H(A2)) The property H(A1) is fixed for a particular User/realm/triplet. So could be replaced by the value A1 that is H(A1) is the shared secret. H(A2) The uri sans proxy/routing is not very exact. Could it be specified as a rel_path ? Mapping APOP digest onto this would give a domain of N+P Pete. -- The TIS Network Security Products Group has moved! voice: 301-527-9500 x123 fax: 301-527-0482 2277 Research Boulevard, 5th Floor, Rockville, MD 20850
Received on Tuesday, 20 February 1996 13:49:11 UTC