Re: Nonce count, digest authentication. from Duane Wessels on 2003-06-30 (ietf-http-wg@w3.org from April to June 2003)

From: Duane Wessels <wessels@packet-pushers.com>
Date: Mon, 30 Jun 2003 11:09:04 -0600 (MDT)
To: Wilfred Nilsen <wilfred.nilsen@cox.net>
cc: ietf-http-wg@w3.org
Message-ID: <Pine.BSF.4.53.0306301105550.27444@life-gone-hazy.com>

> The problem is that the client sometimes skips a 'nc' value.  For
> example, the server and client nonce count matches say to the value
> 00000016, but then the next value from the client is 00000018?

Squid implements digest authentication, although I don't know
how many sites really use it.  You might find it helpful to
read through the relevant code.

Squid has an option (nonce_strictness) to allow or reject gaps in
nonce counts.

Duane W.

Received on Monday, 30 June 2003 13:09:13 UTC