Re: more minor Digest Auth editorial comments

>    <header-digest> is a keyed digest over the entity headers (as defined by
>    HTTP -- e.g., as of HTTP/1.1, Content-Type and other Content-* headers,
>    Last-Modified, Expires, etc.) It is computed as

That won't work.  HTTP header fields of the same name can be appended
together, and header fields of different names can be reordered, by
any HTTP recipient without changing the semantics of the message.
The only way to digest the header fields is to first encapsulate them
using something like WRAPPED or MOSS.


 ...Roy T. Fielding
    Department of Information & Computer Science    (fielding@ics.uci.edu)
    University of California, Irvine, CA 92717-3425    fax:+1(714)824-4056
    http://www.ics.uci.edu/~fielding/

Received on Thursday, 29 February 1996 00:45:12 UTC
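The failure described in the reply above, as an added example that is not part of the original message: a keyed digest over header bytes stops verifying once a relay merges and reorders the fields, although the message means the same, while a digest over an encapsulated copy still verifies. HMAC-SHA256, the key, the header values and the `relay()` intermediary are assumptions constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-shared-secret"  # constructed sample key

# Constructed entity headers, in the order the sender emits them.
SENT = [
    ("Content-Type", "text/html"),
    ("Content-Language", "en"),
    ("Content-Language", "fr"),
    ("Content-Encoding", "gzip"),
]

def serialize(fields):
    """Wire form of a header list."""
    return "".join(f"{n}: {v}\r\n" for n, v in fields).encode("ascii")

def keyed_digest(data):
    # Assumption: HMAC-SHA256 stands in for the draft's keyed digest.
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def relay(fields):
    """Hypothetical intermediary: appends same-name fields, reorders names."""
    merged = {}
    for name, value in fields:
        merged.setdefault(name, []).append(value)
    return [(n, ", ".join(v)) for n, v in sorted(merged.items())]

def semantics(fields):
    """Order-insensitive view: field name -> list elements.
    The comma split is only valid for list-valued fields like these."""
    out = {}
    for name, value in fields:
        out.setdefault(name.lower(), []).extend(p.strip() for p in value.split(","))
    return out

def demo():
    sent_bytes = serialize(SENT)
    tag = keyed_digest(sent_bytes)   # computed by the sender
    forwarded = relay(SENT)          # outer headers as the recipient sees them
    wrapped = sent_bytes             # copy carried as opaque body bytes
    return {
        "same_semantics": semantics(SENT) == semantics(forwarded),
        "raw_digest_verifies": hmac.compare_digest(
            tag, keyed_digest(serialize(forwarded))),
        "wrapped_digest_verifies": hmac.compare_digest(
            tag, keyed_digest(wrapped)),
    }

if __name__ == "__main__":
    print(demo())
```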