- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Mon, 02 Feb 2015 02:41:02 +0100
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP <ietf-http-wg@w3.org>
* Julian Reschke wrote: >On 2015-02-01 10:00, Bjoern Hoehrmann wrote: >> There is basically no information in the draft what the header can, >> should, or should not be used for, it does not even indicate what the >> `Digest` scheme uses it for, and it does not point out caveats like > >The latter is supposed to be in the DIGEST spec. > >Do you have a proposal for the former? > >> poor interaction with pipelined requests as they are noted in RFC 2617 >> and whether such considerations apply to HTTP/2, for instance. I guess > >Again, that seems to be specific to the nextnonce parameter which is >specific to DIGEST. A possible starting point would be to explain whether, how, and why it is better to use an authentication scheme independent header to specify authentication scheme specific parameters. If it's pretty much always better to use `Authentication-Info` then there probably should be some SHOULD-level requirement to use it somewhere. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de Available for hire in Berlin (early 2015) · http://www.websitedev.de/
Received on Monday, 2 February 2015 01:41:38 UTC