- From: <pjc@tis.com>
- Date: Mon, 26 Feb 96 13:31:36 -0800
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
In previous posts I have hinted at a mechanism where having unique nonces each time does not need extra roundtrips. Only the first time needs to. If there are multiple auth points all requiring auth, then an initial shuttle back and forth happens, but once end-to-end is established no extra round trips are needed.

The authentication point (currently the Origin Server, or the nearest proxy) piggy-backs the next WWW-Auth or Proxy-Auth on the current response. So after an initial extra roundtrip, the client always has a fresh nonce to use.

For multiple connections, the authentication point needs to keep a limited cache of outstanding nonces. These don't need very long lifetimes since the protocol is self-starting.

So you have strong auth, without any major impact on performance.

Pete.
Received on Monday, 26 February 1996 10:37:30 UTC
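
The mechanism described in the message above, sketched as an added example that is not part of the original post or of any HTTP implementation: an authentication point that keeps a bounded, short-lived cache of one-time nonces and returns the next nonce with every response. The names `NonceCache`, `proof` and `handle`, the cache size and lifetime, and the HMAC-SHA-256 proof are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time
from collections import OrderedDict

class NonceCache:
    """Limited cache of outstanding one-time nonces at the authentication point."""
    def __init__(self, max_outstanding=8, lifetime=30.0, clock=time.monotonic):
        self.max_outstanding, self.lifetime, self.clock = max_outstanding, lifetime, clock
        self._issued = OrderedDict()          # nonce -> expiry, oldest first

    def issue(self):
        now = self.clock()
        for n in [n for n, exp in self._issued.items() if exp <= now]:
            del self._issued[n]               # short lifetimes: purge expired
        while len(self._issued) >= self.max_outstanding:
            self._issued.popitem(last=False)  # bounded: evict the oldest
        nonce = secrets.token_hex(16)
        self._issued[nonce] = now + self.lifetime
        return nonce

    def consume(self, nonce):
        """True only the first time an unexpired nonce is presented."""
        exp = self._issued.pop(nonce, None)
        return exp is not None and exp > self.clock()

    def outstanding(self):
        return len(self._issued)

def proof(secret, nonce, method, uri):
    # Stand-in keyed hash (assumption), not the real scheme's computation.
    msg = f"{nonce}:{method}:{uri}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def handle(cache, secret, method, uri, nonce=None, response=None):
    """Return (status, next_nonce); every reply piggy-backs a fresh nonce."""
    ok = (nonce is not None and response is not None
          and cache.consume(nonce)            # a replayed nonce fails here
          and hmac.compare_digest(response, proof(secret, nonce, method, uri)))
    return (200 if ok else 401), cache.issue()

if __name__ == "__main__":
    cache, key = NonceCache(), b"constructed-shared-secret"
    _, nonce = handle(cache, key, "GET", "/a")          # the one extra round trip
    for uri in ("/a", "/b", "/c"):                      # no further 401s
        status, nxt = handle(cache, key, "GET", uri, nonce, proof(key, nonce, "GET", uri))
        print(uri, status)
        nonce = nxt
```

A rejected request still gets a fresh nonce back, which is what makes the exchange self-starting: a client whose nonce expired or was evicted recovers with one retry.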