- From: Dave Kristol <dmk@bell-labs.com>
- Date: Wed, 07 Jan 1998 13:05:35 -0500
- To: HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
The conflicting positions (should Digest have some kind of integrity check?) seem to stem from two different perspectives: 1) Servers want to identify users. Neither the server nor the client is particularly concerned about the integrity of messages (typically GETs that return information to the client). 2) Servers want to have some assurance that stuff they receive from clients (PUT/POST) is what was sent. So they want an integrity check. I think a lot of the arguing here of late has been because of the failure to see these two perspectives. I, and a bunch of others I've stirred up, appear to be more interested in (1). Scott Lawrence and Paul Leach, at least, seem especially concerned with (2). Can the two functions be separated so (1) can progress with "old" Digest? Dave Kristol
Received on Wednesday, 7 January 1998 10:14:02 UTC