Re: Digest mess

Well, it's nice to know that people who want Digest are still listening.
There are two reasons why I am pushing all the buttons in this thread.

  1) People seem to be bandying about suggested changes to Digest
     without consideration for how those changes will affect
     deployment.  If you change the entity-digest specification,
     is the recipient of the Digest supposed to decode it using the
     rules in RFC 2069 or RFC HTTPAA-eventually?  How is the recipient
     going to tell the difference between them?  Or should we just assume
     that everyone will instantly update their applications as soon as
     the new RFC is published (just as they didn't do for the last RFC)?

     HTTP/1.1 was designed for deployment.  What is the deployment
     design for Digest mkIII?  How do we get implementers to include
     it in their *current* products?

  2) The current draft, <draft-ietf-http-authentication-00>, is
     a pile of fresh manure.  The text format is mangled, it fails
     to define the general HTTP authentication header fields and
     responses, mis-defines WWW-Authenticate and Authorization as
     Digest-only fields, mixes HTTP-BNF and pseudo-math at random
     and without distinction, and needs a complete reorganization
     before anyone can be sensibly expected to give it a serious
     technical review.

If at least one of the seven authors currently listed on the draft
will step up to the plate and start editing, then maybe Digest can
be resurrected.  I suggest the authors discuss this amongst themselves
and have a clean draft submitted by mid-January.

If not, then either Basic AA will move back into the main spec and
Digest will be dropped, or I'll do the edit myself according to what
is actually implemented.  [Believe me, none of us want this to happen].


Received on Wednesday, 17 December 1997 11:26:13 UTC