- From: John Franks <john@math.nwu.edu>
- Date: Wed, 13 May 1998 15:58:35 -0500 (CDT)
- To: Dave Kristol <dmk@research.bell-labs.com>
- Cc: http-wg@cuckoo.hpl.hp.com
On Wed, 13 May 1998, Dave Kristol wrote:
> This mailing list has been pretty quiet. I posed a bunch of questions
> over the past month or so, but I haven't seen resolutions. I'll
> summarize:
>
> 1) <http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0031.html>
>
> (Digest)
> a) No definition for non-terminal request-digest.
Should be
request-digest = <"> *LHEX <">
> b) In Authorization, the client can omit cnonce=. If qop=auth-int
> and cnonce is omitted, should Authentication-Info in the server's
> response say 'cnonce=""', or should cnonce be omitted there, too?
>
It should be illegal to omit cnonce with qop=auth-int
> 2) <http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0035.html>
>
> Recommending that the (Digest) nonce include Etag seems like a bad
> idea -- it makes the nonce non-reusable for other entities.
>
A note should say that ETag should only be used with one-time nonces.
> 3) <http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0040.html>
>
> (Digest) In a response that sends multipart/byteranges, does the
> digest-uri-value of A2 digest the MIME headers and separators?
>
I would think yes.
Paul Leach is doing the editing of this.
John Franks
john@math.nwu.edu
Received on Wednesday, 13 May 1998 14:00:10 UTC