- From: Daniel Hellerstein <danielh@mailbox.econ.ag.gov>
- Date: Wed, 29 Apr 1998 10:48:15 -0400
- To: http-wg@cuckoo.hpl.hp.com
2) The example on pg 17 of the digest authentication draft should mention a few gotchas: i) method of GET is used (GET, not get, is used) ii) the 32 hex character md5 (not the 128 bit) is used in H(), with lower case abcdef characters used. Given that the content-md5 header uses a pack64 of the 128 bit hash, reiterating that the example uses a "lower case 32 hex-char" hash might save a few headaches. iii)The example nonce (pg 9) time-stamp H(time-stamp ":" ETag ":" private-key) was a bit hard to read -- at least I missed that it meant "concatenate time-stamp with H(time-stamp ":" ETag ":" private-key), and then you can use the unhashed time-stamp to verify the nonce.
Received on Wednesday, 29 April 1998 08:05:04 UTC