- From: Roy T. Fielding <fielding@kiwi.ics.uci.edu>
- Date: Wed, 17 Dec 1997 10:48:03 -0800
- To: HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Well, it's nice to know that people who want Digest are still listening. There are two reasons why I am pushing all the buttons in this thread. 1) People seem to be bandying about suggested changes to Digest without consideration for how those changes will affect deployment. If you change the entity-digest specification, is the recipient of the Digest supposed to decode it using the rules in RFC 2069 or RFC HTTPAA-eventually? How is the recipient going to tell the difference between them? Or should we just assume that everyone will instantly update their applications as soon as the new RFC is published (just as they didn't do for the last RFC)? HTTP/1.1 was designed for deployment. What is the deployment design for Digest mkIII? How do we get implementers to include it in their *current* products? 2) The current draft, <draft-ietf-http-authentication-00>, is a pile of fresh manure. The text format is mangled, it fails to define the general HTTP authentication header fields and responses, mis-defines WWW-Authenticate and Authorization as Digest-only fields, mixes HTTP-BNF and pseudo-math at random and without distinction, and needs a complete reorganization before anyone can be sensibly expected to give it a serious technical review. If at least one of the seven authors currently listed on the draft will step up to the plate and start editing, then maybe Digest can be resurrected. I suggest the authors discuss this amongst themselves and have a clean draft submitted by mid-January. If not, then either Basic AA will move back into the main spec and Digest will be dropped, or I'll do the edit myself according to what is actually implemented. [Believe me, none of us want this to happen]. ....Roy
Received on Wednesday, 17 December 1997 11:26:13 UTC