Re: Digest-MessageDigest doesn't work with proxies

On Fri, 1 Mar 1996, Paul Leach wrote:
> Consider: if the client does a GET and the proxy serves it from the cache,
> where does the "nonce" come from that is needed to compute and
> check <message-digest> -- cached data, the proxy's nonce from
> proxy-auth, or does the proxy have to always go to the origin-server?

It always has to go to the origin-server.  Here is a quote from
from section on Access Authentication from  the HTTP/1.1 spec draft at

   "Proxies must be completely transparent regarding user
   agent authentication. That is, they must forward the
   WWW-Authenticate and Authorization headers untouched, and
   must not cache the response to a request containing

The problems you are addressing are important and need to be solved.
But Digest Authentication is not the mechanism to solve those problems.
It is a very small step in the right direction, intended only to replace
a misstep, viz.  Basic Authentication.

John Franks 	Dept of Math. Northwestern University

Received on Friday, 1 March 1996 15:18:59 UTC