> ----------
> From: John Franks[SMTP:john@math.nwu.edu]
> Sent: Monday, January 19, 1998 10:41 AM
> To: Dave Kristol
> Cc: Yaron Goland; http-wg@cuckoo.hpl.hp.com
> Subject: Re: Some comments on Digest Auth
>
> <snip>
> It is also a good idea to embed the requestor's IP address.
>

This will be broken when there is a proxy farm, each with its own IP address, and where the client chooses the particular proxy based on the URL.

> One thing that I would like to do, but which would conflict with a
> pre-delivered list of nonces, is to embed the (strong) ETag of a
> document in the nonce. This is simpler than timestamping and
> guarantees that a replay can only retrieve exactly the same document
> (which a MITM has presumably already seen when he captured the nonce.)
>

Both would be good -- otherwise you can retrieve the same document indefinitely into the future.

Paul

Received on Wednesday, 21 January 1998 05:07:23 UTC
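
The two nonce bindings discussed in this message, as an added example that is not part of the original thread: a server-side nonce that carries a timestamp and a keyed hash over the timestamp and the document's ETag, checked with and without the timestamp test. The key, lifetime, function names and sample ETags are assumptions made for illustration, and HMAC-SHA256 stands in for whatever keyed hash a server would use.

```python
import base64, hashlib, hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server
MAX_AGE = 300                         # assumption: nonce lifetime in seconds

def _mac(ts: str, etag: str) -> bytes:
    # Keyed hash binding the issue time and the document's strong ETag.
    msg = f"{ts}:{etag}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()

def make_nonce(etag: str, now: float) -> str:
    """nonce = base64(timestamp ":" HMAC(key, timestamp ":" ETag))"""
    ts = str(int(now))
    return base64.b64encode(ts.encode() + b":" + _mac(ts, etag)).decode()

def check_nonce(nonce: str, current_etag: str, now: float,
                use_timestamp: bool = True) -> str:
    """Return 'ok', 'stale' (authentic but expired) or 'invalid'."""
    try:
        ts, mac = base64.b64decode(nonce, validate=True).decode().split(":", 1)
        issued = int(ts)
    except (ValueError, UnicodeDecodeError):
        return "invalid"
    if not hmac.compare_digest(mac.encode(), _mac(ts, current_etag)):
        return "invalid"   # forged, or the document changed since issue
    if use_timestamp and not (0 <= now - issued <= MAX_AGE):
        return "stale"     # authentic nonce, but too old to accept
    return "ok"

def demo() -> dict:
    t0 = 885_000_000                    # constructed issue time
    n = make_nonce('"v1"', t0)          # constructed ETag value
    much_later = t0 + 10_000_000
    return {
        "fresh": check_nonce(n, '"v1"', t0 + 10),
        "doc_changed": check_nonce(n, '"v2"', t0 + 10),
        # ETag binding alone: a captured nonce still fetches the same document.
        "etag_only_replay": check_nonce(n, '"v1"', much_later, use_timestamp=False),
        # ETag plus timestamp: the same replay is rejected as stale.
        "etag_and_ts_replay": check_nonce(n, '"v1"', much_later),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
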