W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 1996

Digest-MessageDigest doesn't work with proxies

From: Paul Leach <paulle@microsoft.com>
Date: Fri, 1 Mar 96 11:56:05 PST
To: john@math.nwu.edu
Cc: hallam@w3.org, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: red-16-msg960301195653MTP[01.52.00]000000b1-125090
John said:
----------
]]
] > Are you just talking about D-MD, or Digest Auth for
] > Proxy-Authentication and Proxy-Authorization as well?
] >
]
] Digest-MessageDigest has been part of the draft since its very early
] versions.  It has limitations. I don't think we are in a position
] to either remove it or overcome its limitations.  The new nextnonce
] field seems to me to be a useful addition which is is a very modest
] change and not likely to lead to any unpleasant surprises.  I also
] agree with Paul that there is not much reason to keep the user, nonce
] and realm fields.  In the fullness of time we can and will create
] stronger ways of dealing with authentication, proxies, headers, etc.
]
] I propose that the D-MD section of this draft be:
]
[omitted]

The problem is, this is broken when a proxy is involved.  I don't care 
if you enhance the section along the lines of my suggestions, but it 
has to work when proxies are involved, otherwise huge numbers of 
clients can't use digest auth -- perhaps even the majority of users in 
the near future.

Paul
Received on Friday, 1 March 1996 12:03:54 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:42:57 UTC