- From: Sylvain Hellegouarch <sh@defuze.org>
- Date: Mon, 16 Oct 2006 10:05:25 +0100
- To: Robert Sayre <sayrer@gmail.com>
- CC: lists@ingostruck.de, Adam Roach <adam@nostrum.com>, HTTP Working Group <ietf-http-wg@w3.org>
> No, it's a feature by feature test. Basic works for some people some > of the time, and MD5-sess doesn't. The cause is irrelevant. It could > be that the spec is too difficult to implement, the spec is not worth > implementing, the specified protocol doesn't work at all, or that > browser engineers are dumb. It doesn't really matter--the document is > really old by now, and the workable parts are clear. > The first time I've implemented Digest for the CherryPy server (a Python HTTP 1.0/1.1 server) I was so surprised RFC2617 was so difficult to decrypt. I must say to this date I have no idea to say whether or not my implementation is correct or not and the worse is that there is no way to test this anyway considering no one can provide a definitive implementation against which to test or to compare. I do not pretend having any authority on that matter but as Robert says the document has grown old now and it really ought to be updated and clarified. - Sylvain BTW, for those interested here is the implementation: http://www.cherrypy.org/browser/trunk/cherrypy/lib/auth.py http://www.cherrypy.org/browser/trunk/cherrypy/lib/httpauth.py
Received on Monday, 16 October 2006 09:09:13 UTC