Re: Digest mess

Dave Kristol (dmk@bell-labs.com)
Wed, 07 Jan 1998 13:05:35 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dave Kristol: "Re: Minutes, HTTP-WG 8, 10 Dec 1997"
Previous message: Ted Hardie: "Re: Minutes, HTTP-WG 8, 10 Dec 1997"
Next in thread: Scott Lawrence: "Re: Digest mess"
Reply: Scott Lawrence: "Re: Digest mess"

The conflicting positions (should Digest have some kind of integrity
check?) seem to stem from two different perspectives:

1) Servers want to identify users.  Neither the server nor the client is
particularly concerned about the integrity of messages (typically GETs
that return information to the client).

2) Servers want to have some assurance that stuff they receive from
clients (PUT/POST) is what was sent.  So they want an integrity check.

I think a lot of the arguing here of late has been because of the
failure to see these two perspectives.  I, and a bunch of others I've
stirred up, appear to be more interested in (1).  Scott Lawrence and
Paul Leach, at least, seem especially concerned with (2).

Can the two functions be separated so (1) can progress with "old"
Digest?

Dave Kristol

Next message: Dave Kristol: "Re: Minutes, HTTP-WG 8, 10 Dec 1997"
Previous message: Ted Hardie: "Re: Minutes, HTTP-WG 8, 10 Dec 1997"
Next in thread: Scott Lawrence: "Re: Digest mess"
Reply: Scott Lawrence: "Re: Digest mess"