- From: John Franks <john@math.nwu.edu>
- Date: Wed, 17 Dec 1997 11:32:02 -0600 (CST)
- To: "John C. Mallery" <jcma@ai.mit.edu>
- Cc: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>, rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
On Wed, 17 Dec 1997, John C. Mallery wrote: > > It has to provide a hash of the return codes and a hash of > the entity to achieve its full potential. This allows client > to know that you have the right entity body and it allows > the client to know how the server processed the request, > i.e. the entire transaction is authenticated. This point > has been raised before on the list. I can't why it isn't > dead obvious. > Let me repeat: ALL OF THIS IS IN THE CURRENT DRAFT. And there are implementations. I don't understand your point. Are you arguing that the Authentication-info header should not be optional? In that case it would not be feasible to use digest for things like registering newspaper readers where authenticating every article would not be worth the overhead. John Franks john@math.nwu.edu
Received on Wednesday, 17 December 1997 09:37:18 UTC