- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Thu, 22 Feb 1996 02:31:44 PST
- To: john@math.nwu.edu
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, dmk@allegra.att.com
John,

My notes say that we are expecting a new draft of digest authentication from the authors, of which you are one. It was my impression that this new draft would include:

* Adding an algorithm parameter.
* Describe in detail construction of nonces. Here there are a number of tricks already in use which ensure that a nonce is only valid for requests coming from a single TCP/IP address.
* Fix dependence on 'extension mechanism'.
* Enhance 'security considerations' section to explain limitations.

and that the latter part would cover in sufficient detail the issues raised in the various critiques of Digest Authentication, so that those who were considering this extension would be fully informed.

With these edits, we might be able to move forward with "Digest". Without them, I don't see that we can.

Your note left me with the impression that you are unaware of any plans to update the specification. Did I just imagine that we were going to see a revised draft? If not from you, from whom?

Received on Thursday, 22 February 1996 02:35:27 UTC