
RE: Some comments on Digest Auth

From: John Franks <john@math.nwu.edu>
Date: Tue, 20 Jan 1998 20:23:14 -0600 (CST)
To: Paul Leach <paulle@microsoft.com>
Cc: Dave Kristol <dmk@bell-labs.com>, Yaron Goland <yarong@microsoft.com>, http-wg@cuckoo.hpl.hp.com
Message-Id: <Pine.LNX.3.96.980120201636.11945A-100000@hopf.math.nwu.edu>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/5237

On Tue, 20 Jan 1998, Paul Leach wrote:

> > 
> Actually, my comment (that both Etag and timestamp are good) was wrong. You
> can't use an Etag in the nonce, because nonces aren't per-resource. 

They certainly can be.  This is purely an implementation decision.
Some existing implementations work this way.  Nothing in the spec
prohibits this and I doubt if that will change.

Incidentally, whether an implementation is stateful (e.g. remembers all
nonces used) or stateless is also an implementation decision.  I very
much doubt that any consensus could be reached on a specification change
which either requires the server to be stateful or prohibits it from 
being so.

John Franks
john@math.nwu.edu
Received on Tuesday, 20 January 1998 18:29:28 UTC
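
Added example (not part of the original message, and not taken from any implementation it mentions): one way a server could issue a per-resource nonce that embeds a timestamp and the resource's ETag, and check it either statelessly or, optionally, with a remembered set of used nonces. The names `SERVER_KEY`, `MAX_AGE_SECONDS`, `make_nonce`, `check_nonce` and the `seen` parameter are assumptions for this sketch, and HMAC-SHA256 is used here as the keyed hash.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional, Set

SERVER_KEY = b"constructed-demo-key"  # assumption: constructed secret for the example
MAX_AGE_SECONDS = 300                 # assumption: nonce lifetime chosen for the example


def _mac(timestamp: int, etag: str) -> bytes:
    # Keyed hash over "timestamp:ETag"; only the server can produce it.
    msg = f"{timestamp}:{etag}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def make_nonce(etag: str, now: Optional[int] = None) -> str:
    """Issue a nonce bound to one resource version; nothing is stored server-side."""
    ts = int(time.time()) if now is None else now
    return base64.b64encode(f"{ts}:".encode() + _mac(ts, etag)).decode()


def check_nonce(nonce: str, current_etag: str, now: Optional[int] = None,
                seen: Optional[Set[str]] = None) -> str:
    """Return 'ok', 'stale', 'replayed' or 'invalid'.

    With seen=None the check is stateless: a nonce can be replayed until it
    expires. Passing a set makes the server stateful (one-time nonces).
    """
    now = int(time.time()) if now is None else now
    try:
        ts_text, mac = base64.b64decode(nonce, validate=True).decode().split(":", 1)
        ts = int(ts_text)
    except (ValueError, UnicodeDecodeError):
        return "invalid"
    # Fails for a forged nonce, a nonce issued for another resource, or a
    # resource whose ETag has changed since the nonce was issued.
    if not hmac.compare_digest(mac.encode(), _mac(ts, current_etag)):
        return "invalid"
    if ts > now or now - ts > MAX_AGE_SECONDS:
        return "stale"
    if seen is not None:
        if nonce in seen:
            return "replayed"
        seen.add(nonce)
    return "ok"
```
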
