- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Tue, 6 Jan 1998 18:36:21 PST
- To: John Franks <john@math.nwu.edu>
- Cc: Dave Kristol <dmk@bell-labs.com>, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
> A number of others have echoed this sentiment. There may be an > emerging consensus to undock all the entity-digest and > Authentication-info parts of the current digest specification, leaving > digest as a simple replacement for Basic authentication with precisely > the same functionality, but with the elimination of cleartext > passwords. > > I have no problem with this. I think it does not break existing > implementations because the parts to be removed are optional. > > This would then allow interested parties to pursue "digest-ng" which > could be incompatible and in particular could authenticate the server > to the client by the use of client nonces. It could also deal with > the issues of digesting headers. This sounds like a good plan. It might be that "digest-ng" should be proposed to the WTS working group, however. Larry -- http://www.parc.xerox.com/masinter
Received on Tuesday, 6 January 1998 18:42:45 UTC