- From: Dave Kristol <dmk@bell-labs.com>
- Date: Mon, 03 Aug 1998 17:54:25 -0400
- To: Scott Lawrence <lawrence@agranat.com>
- Cc: Paul Leach <paulle@microsoft.com>, HTTP Working Group <http-wg@cuckoo.hpl.hp.com>
Scott Lawrence wrote: > > Paul Leach wrote: > > > I think that absence of cnonce should be illegal if qop=auth or > > qop=auth-int is selected by the client; if the client really _demands_ > > to be totally braindead, it can send a constant as its cnonce. > > I'm also happy with that solution. Just what does "illegal" mean? What should a server do if it gets such an "illegal" request? Dave Kristol
Received on Monday, 3 August 1998 14:59:31 UTC