On 2015-01-30 22:45, Amos Jeffries wrote:
> On 31/01/2015 3:11 a.m., Rifaat Shekh-Yusef wrote:
>> Why would we restrict the use of this header in future protocols based on
>> the Digest usage of this header?
>> What would be the harm in allowing the new protocol that uses the header to
>> restrict its usage?
>>
>
> Information leaks. User credentials and secure token are potentially
> stored in here, as are details specific to the internal operation of the
> security algorithm selected/negotiated.
> ...

The intent of the draft was to separate out what was defined in RFC 2617; thus I agree that we shouldn't relax the use unless there's broad consensus that that would be a good idea.

Best regards, Julian

Received on Monday, 2 February 2015 13:42:40 UTC