- From: Scott Lawrence <lawrence@agranat.com>
- Date: Sun, 29 Mar 1998 14:01:57 -0500
- To: Dave Kristol <dmk@bell-labs.com>
- Cc: Paul Leach <paulle@microsoft.com>, http-wg@cuckoo.hpl.hp.com
>>>>> "DK" == Dave Kristol <dmk@bell-labs.com> writes: DK> Sect. 3.2.3, The Authentication-Info Header DK> What should a client do if the rspauth=response-digest information DK> is wrong? PL> Not accept the response. DK> How does a client, which has already read a response, "not accept DK> [it]"? I'm picking nits here, true. Does it mean that a browser would DK> show the user an error saying that the received response was in error? DK> Or does it just stop spinning its logo and leave on the screen what was DK> already there? How does a browser indicate now when the certificate from an SSL connection does not check out or the messages arriving on the connection do not have valid signatures? The User Agent should do the right thing - authentication has failed. -- Scott Lawrence EmWeb Embedded Server <lawrence@agranat.com> Agranat Systems, Inc. Engineering http://www.agranat.com/
Received on Sunday, 29 March 1998 11:21:56 UTC