W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2003

Re: Nonce count, digest authentication.

From: Duane Wessels <wessels@packet-pushers.com>
Date: Mon, 30 Jun 2003 11:09:04 -0600 (MDT)
To: Wilfred Nilsen <wilfred.nilsen@cox.net>
cc: ietf-http-wg@w3.org
Message-ID: <Pine.BSF.4.53.0306301105550.27444@life-gone-hazy.com> 

> The problem is that the client sometimes skips a 'nc' value.  For
> example, the server and client nonce count matches say to the value
> 00000016, but then the next value from the client is 00000018?

Squid implements digest authentication, although I don't know
how many sites really use it.  You might find it helpful to
read through the relevant code.

Squid has an option (nonce_strictness) to allow or reject gaps in
nonce counts.

Duane W.
Received on Monday, 30 June 2003 13:09:13 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:22 UTC