RE: Digest mess

Yaron Goland (yarong@MICROSOFT.COM)
Tue, 30 Dec 1997 00:30:32 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeffrey Mogul: "Re: FW: Digest mess"
Previous message: Dave Kristol: "Re: Digest mess"

Actually, an old timer (you know who you are =) insists we did Digest in IE
2.0. However, I am informed that it was not in 3.0 or higher. I am
considering recommending it for 5.0 or 6.0.

The reasons I like Digest are:

A) Digest is "good enough" for a lot of my scenarios. My users don't have
public keys and aren't likely to have them for a very long time. However
they do have passwords, lots of passwords, and Digest is a hell of a lot
better than Basic.

B) I can export the damn thing.

C) I can actually perform proxy/firewall controls

D) I can mux multiple authenticated requests with different users and
passwords request/responses over a single connection (is there even a way to
"re-authenticate" TLS with a different key or do you always have to break
the connection?)

The main thing I hate about Digest is:

A) Can't digest arbitrary headers.

This is a big deal for groups like WebDAV where new headers are being
introduced which contain critical command information. For example the depth
header specifies if a command applies to a single resource or a collection
of resources. The destination header specifies the destination of a move or
copy. Changing these headers would have a profound effect on the meaning of
the method.

Unfortunately this single complaint seems to be a show stopper for a group
like WebDAV. Someone please demonstrate to me I'm wrong. You will have made
my life much better.

If this problem can be solved the WebDAV group would even be willing to
specify, for each method it defines, which headers MUST be part of the
digest. That should, one would hope, allow us to avoid negotiation. I can
see a later spec which adds negotiation on which headers must be digested
but that need not be part of the base spec.

Other than this single problem, I'm a big fan of digest and would love to
recommend its implementation in IE.

		Yaron

> -----Original Message-----
> From:	Scott Lawrence [SMTP:lawrence@agranat.com]
> Sent:	Wednesday, December 17, 1997 5:38 AM
> To:	John C. Mallery
> Cc:	HTTP Working Group
> Subject:	Re: Digest mess
> 
> 
> 
> On Wed, 17 Dec 1997, John C. Mallery wrote:
> 
> > Yea, and now Internet Explorer 4.0 has broken their digest
> implementation
> > form 3.0. Of course, netscape doesn't do digests.
> 
>   Internet Explorer doesn't do digest and never has.

Next message: Jeffrey Mogul: "Re: FW: Digest mess"
Previous message: Dave Kristol: "Re: Digest mess"