FW: Digest mess from Yaron Goland on 1997-12-31 (ietf-http-wg@w3.org from October to December 1997)

From: Yaron Goland <yarong@microsoft.com>
Date: Tue, 30 Dec 1997 18:00:59 -0800
To: "'ietf-http-wg@w3.org'" <ietf-http-wg@w3.org>
Message-ID: <3FF8121C9B6DD111812100805F31FC0D0E7199@red-msg-59.dns.microsoft.com>

Seems I sent this to the original list instead of to the temporary list. 
	Yaron

> -----Original Message-----
> From:	Yaron Goland 
> Sent:	Tuesday, December 30, 1997 12:31 AM
> To:	'Scott Lawrence'; John C. Mallery; Roy T. Fielding (E-mail); Larry
> Masinter (E-mail)
> Cc:	HTTP Working Group; Paul Leach; Alex Hopmann; Henry Sanders
> (Exchange); Jim Whitehead (E-mail)
> Subject:	RE: Digest mess
> 
> Actually, an old timer (you know who you are =) insists we did Digest in
> IE 2.0. However, I am informed that it was not in 3.0 or higher. I am
> considering recommending it for 5.0 or 6.0.
> 
> The reasons I like Digest are:
> 
> A) Digest is "good enough" for a lot of my scenarios. My users don't have
> public keys and aren't likely to have them for a very long time. However
> they do have passwords, lots of passwords, and Digest is a hell of a lot
> better than Basic.
> 
> B) I can export the damn thing.
> 
> C) I can actually perform proxy/firewall controls
> 
> D) I can mux multiple authenticated requests with different users and
> passwords request/responses over a single connection (is there even a way
> to "re-authenticate" TLS with a different key or do you always have to
> break the connection?)
> 
> The main thing I hate about Digest is:
> 
> A) Can't digest arbitrary headers.
> 
> This is a big deal for groups like WebDAV where new headers are being
> introduced which contain critical command information. For example the
> depth header specifies if a command applies to a single resource or a
> collection of resources. The destination header specifies the destination
> of a move or copy. Changing these headers would have a profound effect on
> the meaning of the method.
> 
> Unfortunately this single complaint seems to be a show stopper for a group
> like WebDAV. Someone please demonstrate to me I'm wrong. You will have
> made my life much better.
> 
> If this problem can be solved the WebDAV group would even be willing to
> specify, for each method it defines, which headers MUST be part of the
> digest. That should, one would hope, allow us to avoid negotiation. I can
> see a later spec which adds negotiation on which headers must be digested
> but that need not be part of the base spec.
> 
> Other than this single problem, I'm a big fan of digest and would love to
> recommend its implementation in IE.
> 
> 		Yaron
> 
> -----Original Message-----
> From:	Scott Lawrence [SMTP:lawrence@agranat.com]
> Sent:	Wednesday, December 17, 1997 5:38 AM
> To:	John C. Mallery
> Cc:	HTTP Working Group
> Subject:	Re: Digest mess
> 
> 
> 
> On Wed, 17 Dec 1997, John C. Mallery wrote:
> 
> > Yea, and now Internet Explorer 4.0 has broken their digest
> implementation
> > form 3.0. Of course, netscape doesn't do digests.
> 
>   Internet Explorer doesn't do digest and never has.

Received on Tuesday, 30 December 1997 21:01:18 UTC