- From: Dave Kristol <dmk@allegra.att.com>
- Date: Thu, 16 Mar 95 18:05:06 EST
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
[Is anyone paying attention to my other questions?] The client's Authorization: header contains uri="<requested-uri>" I read the paragraphs about how the server checks the validity of the information to mean that the server uses the header's "uri" value when it calculates A2. Should the server ever compare the "uri" value against the URI it actually received as part of the request, too? If so, does it matter whether that comparison comes before or after the various MD5 checks? (I assume if there's a mismatch, the request is rejected. True?) Another, minor nuisance, question: should the MD5 digest function be required to produce hex with all lower (or upper) case letters? It's easy to check stuff caselessly, but it's a little less efficient. Dave Kristol
Received on Thursday, 16 March 1995 15:24:01 UTC