Re: Proxies and Digest-MessageDigest

John said:
] > Are you just talking about D-MD, or Digest Auth for
] > Proxy-Authentication and Proxy-Authorization as well?
] >
] Digest-MessageDigest has been part of the draft since its very early
] versions.  It has limitations. I don't think we are in a position
] to either remove it or overcome its limitations.  The new nextnonce
] field seems to me to be a useful addition which is is a very modest
] change and not likely to lead to any unpleasant surprises.  I also
] agree with Paul that there is not much reason to keep the user, nonce
] and realm fields.  In the fullness of time we can and will create
] stronger ways of dealing with authentication, proxies, headers, etc.
] I propose that the D-MD section of this draft be:

[proposal omitted -- same as in current version]

What about Proxy-Authentication and Proxy-Authorization?  Can they use 
Digest Auth challenges and responses?

My reading of the HTTP spec is that any auth scheme must support both 
origin-server (WWW-Authenticate and Authorization) and proxy 
(Proxy-Authentication and Proxy-Authorization) authentication.


Received on Friday, 1 March 1996 12:03:57 UTC