Re: Digest mess

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: John Franks: "Re: Digest mess"
• Previous message: John Franks: "Re: Digest mess"
• Maybe in reply to: Roy T. Fielding: "Digest mess"
• Next in thread: Scott Lawrence: "Re: Digest mess"

>>>>> "JF" == John Franks <john@math.nwu.edu> writes:

JF> Let me suggest a compromise here that might meet everyone's needs.

JF> To the Authentication-info header we add a "digested-headers"
JF> field with the form

JF>    dheaders="status_code:entity_length:date:L-M-date:expires"

JF> but we add the proviso that a server MAY omit any or all of the
JF> dates.  Here are the advantages I see:

JF> ...

  I think that this is a workable solution, if a verbose one, but I
  suppose that really is a good idea, and it minimizes the long term
  state required at both ends of the transaction.

JF> Just to clean things up a little I would then change the definition
JF> of entity-digest to

JF> -----------------------------------------------------------
JF>             entity-digest =
JF>                     <"> KD (H(A1), unquoted nonce-value ":"
JF>                          transaction-info ":" H(entity-body)) <">
JF>                                        ; format is <"> *LHEX <">

  Which leaves us with only whether or not to accept Pauls proposed
  change to use H(H(A1)) rather than H(A1).

  Paul - would you please give us a paragraph on the rationale for
  this; if we're going to do it I think that we will want something in
  the spec for how to use the capability it provides...

--
Scott Lawrence           EmWeb Embedded Server       <lawrence@agranat.com>
Agranat Systems, Inc.        Engineering            http://www.agranat.com/

• Next message: John Franks: "Re: Digest mess"
• Previous message: John Franks: "Re: Digest mess"
• Maybe in reply to: Roy T. Fielding: "Digest mess"
• Next in thread: Scott Lawrence: "Re: Digest mess"