- From: Paul Leach <paulle@microsoft.com>
- Date: Fri, 1 Mar 96 11:50:31 PST
- To: john@math.nwu.edu
- Cc: hallam@w3.org, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
John said: ---------- ] ] > Are you just talking about D-MD, or Digest Auth for ] > Proxy-Authentication and Proxy-Authorization as well? ] > ] ] Digest-MessageDigest has been part of the draft since its very early ] versions. It has limitations. I don't think we are in a position ] to either remove it or overcome its limitations. The new nextnonce ] field seems to me to be a useful addition which is is a very modest ] change and not likely to lead to any unpleasant surprises. I also ] agree with Paul that there is not much reason to keep the user, nonce ] and realm fields. In the fullness of time we can and will create ] stronger ways of dealing with authentication, proxies, headers, etc. ] ] I propose that the D-MD section of this draft be: [proposal omitted -- same as in current version] What about Proxy-Authentication and Proxy-Authorization? Can they use Digest Auth challenges and responses? My reading of the HTTP spec is that any auth scheme must support both origin-server (WWW-Authenticate and Authorization) and proxy (Proxy-Authentication and Proxy-Authorization) authentication. Paul
Received on Friday, 1 March 1996 12:03:57 UTC