- From: Dave Kristol <dmk@research.bell-labs.com>
- Date: Wed, 15 Apr 1998 11:46:17 -0400 (EDT)
- To: http-wg@cuckoo.hpl.hp.com
Just want to do a reality check. Suppose we have
1) C<-S
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest ... qop="auth,auth-int", ...
2) C->S
GET / HTTP/1.1
Host: foo
Range: bytes=0-1,2-3
Authorization: Digest ... qop=auth-int, ...,
response="d1837789f989729e19578e86cadbd06e", ...
3) C<-S
HTTP/1.1 206 Partial Content
Date: Wed, 15 Apr 1998 15:26:04 GMT
Server: DMKHTD/1.06c
Content-type: multipart/byteranges; boundary=xyzzy
Last-modified: Wed, 27 Nov 1996 22:36:24 GMT
Etag: "1e7d0a-6ac-329cc268"
Authentication-Info: ... rspauth=<stuff>, ...
--xyzzy
Content-type: text/html
Content-range: bytes 0-1/1708
<H
--xyzzy
Content-type: text/html
Content-range: bytes 2-3/1708
TM
--xyzzy--
Now, response-digest computes
A2 = Status-Code ":" digest-uri-value ":" H(entity-body)
I assume that entity-body in this context comprises all the stuff that
gets returned as a response, including multipart boundaries and
embedded headers in each part.
Sounds like fun to implement.
Dave Kristol
Received on Wednesday, 15 April 1998 08:52:47 UTC