Re: Digest mess from John Franks on 1997-12-22 (ietf-http-wg@w3.org from October to December 1997)

From: John Franks <john@math.nwu.edu>
Date: Mon, 22 Dec 1997 14:16:06 -0600 (CST)
To: Scott Lawrence <lawrence@agranat.com>
cc: paulle@microsoft.com, ietf-http-wg@w3.org, http-wg@cuckoo.hpl.hp.com
Message-ID: <Pine.LNX.3.96.971222140842.1184A-100000@hopf.math.nwu.edu>

On Mon, 22 Dec 1997, Scott Lawrence wrote:

>   Which leaves us with only whether or not to accept Pauls proposed
>   change to use H(H(A1)) rather than H(A1).
> 

One other question.  Dave Kristol asked me what keeps a man in 
the middle from stripping the digest from the response.  I said
the digest-required field.   But I'm not sure I'm right.  It looks
like only the server can use digest-required now.  Do we want to
let the client require a digest also?  If so how?

John Franks
john@math.nwu.edu

Received on Monday, 22 December 1997 15:16:23 UTC