
4/13/98 http-authentication-01.txt comments

From: Dave Kristol <dmk@research.bell-labs.com>
Date: Mon, 13 Apr 1998 16:07:13 -0400 (EDT)
Message-Id: <199804132007.QAA18314@aleatory.research.bell-labs.com>
To: http-wg@cuckoo.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/45
(It's gotten so I have to date them! :-)

3.2.2 The Authorization Request Header

    response         = "response" "=" request-digest

Later there's this text:
    The definition of request-digest above indicates the encoding for
    its value. The following definitions show how the value is

Unfortunately, there *is* no "definition ... above".  The non-terminal
request-digest has no syntactic definition.  I suspect it should be

	request-digest = <"> *LHEX <">

3.2.3 The Authentication-Info Header

cnonce and qop are used in the calculation of response-digest.  The
client is not required to send either cnonce= or auth=.  So I assume
(correct?) that the null string is used for values for omitted
attributes in the calculation.

If (to use cnonce as the example) cnonce was omitted, should
Authentication-Info omit cnonce, or should it send cnonce=""?  Same
question for auth.

Dave Kristol
Received on Monday, 13 April 1998 13:11:37 UTC
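
A receiver-side view of the two points raised in this message, as an added example that is not part of the original e-mail or the draft: the parser keeps an omitted attribute distinct from one sent as `""`, and checks `response=` against the suggested `<"> *LHEX <">` production. Reading LHEX as lowercase hex digits, the function names and the sample attribute lists are assumptions made for the example.

```python
import re

# One attribute: name "=" ( quoted-string | token ), then "," or end of value.
_PARAM = re.compile(
    r'\s*([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)')
# LHEX is taken to mean lowercase hex digits (assumption; not defined on this page).
_LHEX_RUN = re.compile(r'[0-9a-f]*')

def parse_params(value):
    """Parse 'a="x", b=y' into {name: (raw_text, was_quoted)}.

    An attribute that was never sent has no key, so omitted (no key) stays
    distinct from empty (key present, raw_text == '').
    """
    params, pos, value = {}, 0, value.strip()
    while pos < len(value):
        m = _PARAM.match(value, pos)
        if not m:
            raise ValueError(f"malformed attribute at offset {pos}")
        name = m.group(1).lower()
        if name in params:
            raise ValueError(f"duplicate attribute {name!r}")
        quoted = m.group(2) is not None
        params[name] = (m.group(2) if quoted else m.group(3), quoted)
        pos = m.end()
    return params

def attr_state(params, name):
    """Classify one attribute as 'omitted', 'empty' or 'present'."""
    if name not in params:
        return "omitted"
    return "empty" if params[name][0] == "" else "present"

def response_matches_suggested_rule(params):
    """Check response= against the suggested  <"> *LHEX <">  production."""
    text, quoted = params.get("response", (None, False))
    return quoted and _LHEX_RUN.fullmatch(text) is not None

# Constructed sample attribute lists (not taken from the draft or the message).
INFO_OMITTED = 'qop="auth"'
INFO_EMPTY = 'qop="auth", cnonce=""'
AUTHZ_GOOD = 'nonce="abc123", response="0123456789abcdef0123456789abcdef"'
AUTHZ_UPPER = 'nonce="abc123", response="0123456789ABCDEF0123456789ABCDEF"'
AUTHZ_BARE = 'nonce="abc123", response=0123456789abcdef0123456789abcdef'

if __name__ == "__main__":
    for sample in (INFO_OMITTED, INFO_EMPTY):
        print(sample, "->", attr_state(parse_params(sample), "cnonce"))
    for sample in (AUTHZ_GOOD, AUTHZ_UPPER, AUTHZ_BARE):
        print(sample, "->", response_matches_suggested_rule(parse_params(sample)))
```

Because the suggested rule uses `*LHEX`, an empty quoted value also satisfies it; a receiver that expects a fixed digest length has to check that separately.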
