- From: John C. Mallery <jcma@ai.mit.edu>
- Date: Wed, 17 Dec 1997 12:14:25 -0500
- To: John Franks <john@math.nwu.edu>
- Cc: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>, rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Excuse me. Did I say encryption? It has to provide a hash of the return codes and a hash of the entity to achieve its full potential. This allows client to know that you have the right entity body and it allows the client to know how the server processed the request, i.e. the entire transaction is authenticated. This point has been raised before on the list. I can't why it isn't dead obvious. Earlier versions of Internet Explorer did indeed do digests because they were based on the Spyglass code, which did.
Received on Wednesday, 17 December 1997 09:18:16 UTC