- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Tue, 28 Jul 1998 11:07:57 PDT
- To: HTTP Working Group <http-wg@cuckoo.hpl.hp.com>
In http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0035.html Dave Kristol wrote about problems with the example nonce given in section 3.2.1. "I think this example for nonce is a poor one..." citing two reasons: (a) using ETag ties the nonce to a given URI and (b) some resources may not have an ETag.

However, this is just an example of what a nonce might be, rather than normative text, and the drawbacks that Dave cites don't affect the security of the nonce, but rather the performance of nonce reuse, and the domain of applicability of the example.

So I propose that we leave the text as is. I considered recommending a disclaimer, but I consider the existing disclaimer

# The contents of the nonce are implementation dependent. The quality
# of the implementation depends on a good choice.

sufficient.

Proposed resolution: leave as is.

Larry
--
http://www.parc.xerox.com/masinter
Received on Tuesday, 28 July 1998 11:10:00 UTC
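
An added example, not part of the original message or of the specification: a server-side sketch of the example nonce under discussion, in the form it takes in RFC 2617 section 3.2.1, `time-stamp H(time-stamp ":" ETag ":" private-key)`. It shows the two points raised: a nonce bound to one ETag is rejected for a resource with a different ETag (costing a fresh challenge, not weakening the nonce), and a resource with no ETag needs a fallback. The use of SHA-256 for H, the empty-string fallback, the 300-second lifetime, the key and the function names are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

PRIVATE_KEY = b"constructed-server-secret"  # constructed sample; known only to the server
MAX_AGE = 300  # seconds a nonce is accepted (assumed policy)


def _h(ts, etag):
    # H(time-stamp ":" ETag ":" private-key); SHA-256 stands in for H (assumption).
    return hashlib.sha256(f"{ts}:{etag}:".encode() + PRIVATE_KEY).hexdigest()


def make_nonce(etag, now=None):
    """Build the nonce for a resource; etag=None means the resource has no ETag."""
    ts = str(int(time.time() if now is None else now))
    # Assumed fallback: a missing ETag is hashed as the empty string, so the
    # nonce is then limited only by its time-stamp, not by the resource.
    return base64.b64encode(f"{ts} {_h(ts, etag or '')}".encode()).decode()


def check_nonce(nonce, etag, now=None):
    """Return 'ok', 'expired', 'mismatch' or 'invalid' for a client-supplied nonce."""
    now = time.time() if now is None else now
    try:
        ts, digest = base64.b64decode(nonce, validate=True).decode().split(" ")
        age = now - int(ts)
    except ValueError:  # bad base64, bad UTF-8, wrong field count, non-numeric time
        return "invalid"
    expected = _h(ts, etag or "")
    if not hmac.compare_digest(digest.encode(), expected.encode()):
        # Forged, or issued for a resource (or resource version) with another
        # ETag: the server answers with a new challenge.
        return "mismatch"
    return "ok" if 0 <= age <= MAX_AGE else "expired"


if __name__ == "__main__":
    n = make_nonce('"v1"', now=1000)
    print(check_nonce(n, '"v1"', now=1100))  # same resource, within lifetime
    print(check_nonce(n, '"v2"', now=1100))  # different ETag: re-challenge needed
    print(check_nonce(make_nonce(None, now=1000), None, now=1100))  # no ETag
```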