> A number of others have echoed this sentiment. There may be an > emerging consensus to undock all the entity-digest and > Authentication-info parts of the current digest specification, leaving > digest as a simple replacement for Basic authentication with precisely > the same functionality, but with the elimination of cleartext > passwords. > > I have no problem with this. I think it does not break existing > implementations because the parts to be removed are optional. > > This would then allow interested parties to pursue "digest-ng" which > could be incompatible and in particular could authenticate the server > to the client by the use of client nonces. It could also deal with > the issues of digesting headers. This sounds like a good plan. It might be that "digest-ng" should be proposed to the WTS working group, however. Larry -- http://www.parc.xerox.com/masinterReceived on Tuesday, 6 January 1998 18:42:45 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:04 UTC