Re: Digest mess

Larry Masinter (masinter@parc.xerox.com)
Tue, 6 Jan 1998 18:36:21 PST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Phillip M. Hallam-Baker: "Re: Digest mess"
Previous message: John Franks: "Re: Digest mess"

> A number of others have echoed this sentiment.  There may be an
> emerging consensus to undock all the entity-digest and
> Authentication-info parts of the current digest specification, leaving
> digest as a simple replacement for Basic authentication with precisely
> the same functionality, but with the elimination of cleartext
> passwords.
> 
> I have no problem with this.  I think it does not break existing
> implementations because the parts to be removed are optional.
> 
> This would then allow interested parties to pursue "digest-ng" which
> could be incompatible and in particular could authenticate the server
> to the client by the use of client nonces.  It could also deal with
> the issues of digesting headers.

This sounds like a good plan. It might be that "digest-ng" should
be proposed to the WTS working group, however.

Larry
-- 
http://www.parc.xerox.com/masinter

Next message: Phillip M. Hallam-Baker: "Re: Digest mess"
Previous message: John Franks: "Re: Digest mess"