- From: John Franks <john@math.nwu.edu>
- Date: Wed, 21 Feb 1996 16:57:31 -0600 (CST)
- To: Paul Leach <paulle@microsoft.com>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
On Wed, 21 Feb 1996, Paul Leach wrote:

>
> The draft also says that the nonce is a "server specified integer
> value". (It _doesn't_ say if it's *HEX or *DIGIT...) If it included all
> the material Dave uses, it would be a pretty big integer, and clients
> probably wouldn't know how to increment it.
>
> Changing the spec to say it's *HEX, and that the last 32 bits is the
> part that clients must increment each time they return it in a request,
> would enable the implementation of your suggestions.
>

Well, now I'm confused. I have been talking about
draft-ietf-http-digest-aa-02.txt my version of which is dated Dec. 20, 1995
and does not contain the word "increment." What it does say is:

"<nonce>
A server-specified integer value which may be uniquely generated each
time a 401 response is made. Servers may defend themselves against
replay attacks by refusing to reuse nonce values. The nonce should be
considered opqaue (sic) by the client."

Being considered "opaque" by the client means that clients don't
increment it.

John Franks
Dept of Math. Northwestern University
john@math.nwu.edu
Received on Wednesday, 21 February 1996 15:02:15 UTC
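
An added example, not part of the original message or of the draft: one way a server could issue nonces that clients treat as opaque and refuse to accept the same nonce twice, as the quoted draft text permits. The HMAC-tagged nonce layout, the name `NonceIssuer`, and the 300-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class NonceIssuer:
    """Hypothetical server-side helper: opaque, single-use nonces for 401 challenges."""

    def __init__(self, key=None, lifetime=300):
        self.key = key or secrets.token_bytes(32)  # server secret, never sent
        self.lifetime = lifetime                   # seconds a nonce stays valid
        self.used = {}                             # accepted nonce -> expiry time

    def _tag(self, body):
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

    def issue(self, now=None):
        """Build a fresh nonce for a 401 response: timestamp.random.tag"""
        now = int(time.time() if now is None else now)
        body = f"{now:x}.{secrets.token_hex(8)}"
        return f"{body}.{self._tag(body)}"

    def accept(self, nonce, now=None):
        """Classify a nonce returned by a client; only 'ok' should be honoured."""
        now = int(time.time() if now is None else now)
        # Forget used nonces that have expired; they now fail the age check anyway.
        self.used = {n: exp for n, exp in self.used.items() if exp > now}
        parts = nonce.split(".")
        if len(parts) != 3:
            return "malformed"
        body = f"{parts[0]}.{parts[1]}"
        # Any change made by the client (such as incrementing a field)
        # invalidates the tag, so the value is opaque in practice.
        if not hmac.compare_digest(parts[2].encode(), self._tag(body).encode()):
            return "forged"
        issued = int(parts[0], 16)  # safe: the tag proves the server wrote it
        if now - issued >= self.lifetime:
            return "stale"
        if nonce in self.used:
            return "replayed"
        self.used[nonce] = issued + self.lifetime
        return "ok"
```
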