John said: ---------- ]] ] > Are you just talking about D-MD, or Digest Auth for ] > Proxy-Authentication and Proxy-Authorization as well? ] > ] ] Digest-MessageDigest has been part of the draft since its very early ] versions. It has limitations. I don't think we are in a position ] to either remove it or overcome its limitations. The new nextnonce ] field seems to me to be a useful addition which is is a very modest ] change and not likely to lead to any unpleasant surprises. I also ] agree with Paul that there is not much reason to keep the user, nonce ] and realm fields. In the fullness of time we can and will create ] stronger ways of dealing with authentication, proxies, headers, etc. ] ] I propose that the D-MD section of this draft be: ] [omitted] The problem is, this is broken when a proxy is involved. I don't care if you enhance the section along the lines of my suggestions, but it has to work when proxies are involved, otherwise huge numbers of clients can't use digest auth -- perhaps even the majority of users in the near future. PaulReceived on Friday, 1 March 1996 12:03:54 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:42:57 UTC