Authentication issue CNONCE: Proposed resolution
Larry Masinter (masinter@parc.xerox.com)
Tue, 28 Jul 1998 10:58:19 PDT
(I'm going through the Authentication issue list
http://www.w3.org/Protocols/HTTP/Issues/
seeing if there are actually proposed resolutions of the open issues):
In http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0031.html
Dave Kristol wrote:
# 3.2.3 The Authentication-Info Header
# cnonce and qop are used in the calculation of response-digest. The
# client is not required to send either cnonce= or auth=. So I assume
# (correct?) that the null string is used for values for omitted
# attributes in the calculation.
I suggest that this be the correct interpretation, that the null
string is used for values for omitted attributes in the calculation.
# If (to use cnonce as the example) cnonce was omitted, should
# Authentication-Info omit cnonce, or should it send cnonce=""? Same
# question for auth.
I propose that either MAY be allowed, since they are equivalent.
Larry
--
http://www.parc.xerox.com/masinter