- From: Scott Lawrence <lawrence@agranat.com>
- Date: Mon, 22 Dec 1997 14:52:01 -0500
- To: John Franks <john@math.nwu.edu>
- cc: Scott Lawrence <lawrence@agranat.com>, jg@w3.org, paulle@microsoft.com, ietf-http-wg@w3.org, http-wg@cuckoo.hpl.hp.com
>>>>> "JF" == John Franks <john@math.nwu.edu> writes: JF> Let me suggest a compromise here that might meet everyone's needs. JF> To the Authentication-info header we add a "digested-headers" JF> field with the form JF> dheaders="status_code:entity_length:date:L-M-date:expires" JF> but we add the proviso that a server MAY omit any or all of the JF> dates. Here are the advantages I see: JF> ... I think that this is a workable solution, if a verbose one, but I suppose that really is a good idea, and it minimizes the long term state required at both ends of the transaction. JF> Just to clean things up a little I would then change the definition JF> of entity-digest to JF> ----------------------------------------------------------- JF> entity-digest = JF> <"> KD (H(A1), unquoted nonce-value ":" JF> transaction-info ":" H(entity-body)) <"> JF> ; format is <"> *LHEX <"> Which leaves us with only whether or not to accept Pauls proposed change to use H(H(A1)) rather than H(A1). Paul - would you please give us a paragraph on the rationale for this; if we're going to do it I think that we will want something in the spec for how to use the capability it provides... -- Scott Lawrence EmWeb Embedded Server <lawrence@agranat.com> Agranat Systems, Inc. Engineering http://www.agranat.com/
Received on Monday, 22 December 1997 14:56:32 UTC