- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Mon, 26 Aug 1996 12:12:06 PDT
- To: koen@win.tue.nl
- Cc: dmk@allegra.att.com, koen@win.tue.nl, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Folks, I'm sorry I raised this question without looking at the implications. The HTTP document draft-ietf-http-v11-spec-07.txt has explicit instructions: > 19.8.4 Possible Merge With Digest Authentication Draft > Note that the working group draft for Digest Authentication may be > processed by the IESG at the same time as this document; we leave it to > the RFC editor to decide whether to issue a single RFC containing both > drafts (see section 11.2 for where it would be put); in any case, the > reference in the reference list will need to be either deleted, or made > to the appropriate RFC (and section 11.2 deleted). and then in section 11.2: > 11.2 Digest Authentication Scheme > Note for the RFC editor: This section is reserved for including the > Digest Authentication specification, or if the RFC editor chooses to > issue a single RFC rather than two RFC's, this section should be > deleted. We were asked for confirmation that it was our intent to merge the two drafts. I don't think we have any other choices than either: a) delete section 11.2, and ignore 19.8.4 b) edit digest-aa in such a way that it is suitable for inserting into v11-spec as a revised section 11.2. However, on looking over digest-aa, it seems to me that just inserting it as chapter 11.2 is unworkable; the results would be an unreadable mess. First, digest-aa repeats many of the definitions of v11-spec, and has an extensive security considerations section. I think what we should do is craft a replacement paragraph for section 11.2. I suggest: "The HTTP/1.1 protocol includes a Digest Authentication Scheme, which is described in RFC xxxx." Larry
Received on Monday, 26 August 1996 12:27:48 UTC