more minor Digest Auth editorial comments

I made these before, but they may have been lost in the incrementing 
discussion.

1. A definition of what is "message-body" in section 2.1 needs to be 
given. Does it include entity-headers, general-headers, 
response-headers (when sent by server) or request-headers (when sent by 
client), as well as the entity-body?

2. In the security considerations section, the rationale for including
client IP in the recommended nonce needs to be given, over just
checking the IP address of a later request containing a nonce against
the IP address to which the nonce was originally given. Is it to
reduce the amount of state that the server needs to hold?

Paul

Received on Tuesday, 27 February 1996 17:06:18 UTC
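
The two designs contrasted in comment 2, as an added example that is not part of the original message or of the Digest draft. It shows a nonce that carries a keyed MAC over the client IP and a timestamp, checked with no per-nonce server state, beside a server-side table that records the IP each nonce was issued to. Assumptions: HMAC-SHA256, the key, the lifetime, all function and class names, and the sample IP addresses are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server
MAX_AGE = 300                         # assumption: nonce lifetime in seconds


def _mac(ip, ts):
    return hmac.new(SERVER_KEY, f"{ip}:{ts}".encode(), hashlib.sha256).hexdigest()


def make_nonce(client_ip, now):
    """Client IP folded into the nonce: timestamp plus MAC over (IP, timestamp)."""
    ts = str(int(now))
    return f"{ts}:{_mac(client_ip, ts)}"


def check_stateless(nonce, request_ip, now):
    """Recompute the MAC from the IP of the current request; nothing is stored."""
    ts, _, mac_hex = nonce.partition(":")
    if not (ts.isascii() and ts.isdigit()):
        return False
    fresh = 0 <= now - int(ts) <= MAX_AGE
    same = hmac.compare_digest(_mac(request_ip, ts).encode(), mac_hex.encode())
    return fresh and same


class StatefulNonces:
    """The alternative: remember which IP each nonce was originally given to."""

    def __init__(self):
        self.issued = {}  # nonce -> (client_ip, issue time), one entry per nonce

    def issue(self, client_ip, now):
        nonce = secrets.token_hex(16)
        self.issued[nonce] = (client_ip, now)
        return nonce

    def check(self, nonce, request_ip, now):
        ip, issued_at = self.issued.get(nonce, (None, now))
        return ip == request_ip and 0 <= now - issued_at <= MAX_AGE
```

Both checks reject a nonce replayed from a different address; the first needs only the key, while the second holds one table entry per outstanding nonce.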