W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 1998

Re: Digest mess

From: Larry Masinter <masinter@parc.xerox.com>
Date: Tue, 6 Jan 1998 18:36:21 PST
Message-Id: <34B2EA25.CC3027C9@parc.xerox.com>
To: John Franks <john@math.nwu.edu>
Cc: Dave Kristol <dmk@bell-labs.com>, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/5095
> A number of others have echoed this sentiment.  There may be an
> emerging consensus to undock all the entity-digest and
> Authentication-info parts of the current digest specification, leaving
> digest as a simple replacement for Basic authentication with precisely
> the same functionality, but with the elimination of cleartext
> passwords.
> I have no problem with this.  I think it does not break existing
> implementations because the parts to be removed are optional.
> This would then allow interested parties to pursue "digest-ng" which
> could be incompatible and in particular could authenticate the server
> to the client by the use of client nonces.  It could also deal with
> the issues of digesting headers.

This sounds like a good plan. It might be that "digest-ng" should
be proposed to the WTS working group, however.

Received on Tuesday, 6 January 1998 18:42:45 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:04 UTC