Re: comments on draft-ietf-http-authentication-01.txt
Scott Lawrence (lawrence@agranat.com)
Sun, 29 Mar 1998 14:01:57 -0500
>>>>> "DK" == Dave Kristol <dmk@bell-labs.com> writes:
DK> Sect. 3.2.3, The Authentication-Info Header
DK> What should a client do if the rspauth=response-digest information
DK> is wrong?
PL> Not accept the response.
DK> How does a client, which has already read a response, "not accept
DK> [it]"? I'm picking nits here, true. Does it mean that a browser would
DK> show the user an error saying that the received response was in error?
DK> Or does it just stop spinning its logo and leave on the screen what was
DK> already there?
How does a browser indicate now when the certificate from an SSL
connection does not check out or the messages arriving on the
connection do not have valid signatures? The User Agent should do
the right thing - authentication has failed.
--
Scott Lawrence EmWeb Embedded Server <lawrence@agranat.com>
Agranat Systems, Inc. Engineering http://www.agranat.com/
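One way a client can treat a wrong rspauth as a hard authentication failure, in the same way as a certificate that does not check out. This is an added example, not part of the original message or of any implementation it mentions. It assumes the rspauth calculation for qop=auth as later published in RFC 2617 section 3.2.3 (which may differ from draft -01) and a client that buffers the body before releasing it; the function names and `ResponseAuthError` are hypothetical.

```python
import hashlib
import hmac
import re

# Constructed sample context: the example values published in RFC 2617.
CTX = {"username": "Mufasa", "realm": "testrealm@host.com",
       "password": "Circle Of Life", "uri": "/dir/index.html",
       "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
       "nc": "00000001", "cnonce": "0a4f113b"}

class ResponseAuthError(Exception):
    """The server did not prove knowledge of the shared secret."""

def h(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def digest(ctx: dict, method: str) -> str:
    """H(H(A1):nonce:nc:cnonce:qop:H(A2)) for qop=auth.

    method="GET" (etc.) yields the request-digest; method="" yields
    rspauth, whose A2 is ":" followed by the digest-uri.
    """
    ha1 = h(f"{ctx['username']}:{ctx['realm']}:{ctx['password']}")
    ha2 = h(f"{method}:{ctx['uri']}")
    return h(f"{ha1}:{ctx['nonce']}:{ctx['nc']}:{ctx['cnonce']}:auth:{ha2}")

def parse_auth_info(value: str) -> dict:
    """Parse name=token and name="quoted" pairs from Authentication-Info."""
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', value)
    return {k.lower(): quoted or token for k, quoted, token in pairs}

def accept_response(auth_info: str, body: bytes, ctx: dict) -> bytes:
    """Release the buffered body only if the server's proof verifies."""
    d = parse_auth_info(auth_info)
    # cnonce and nc must be the ones sent with this request.
    echoed = d.get("cnonce") == ctx["cnonce"] and d.get("nc") == ctx["nc"]
    # Constant-time comparison of the received and expected digests.
    proven = hmac.compare_digest(d.get("rspauth", "").encode(),
                                 digest(ctx, "").encode())
    if not (echoed and proven):
        raise ResponseAuthError("rspauth check failed; response discarded")
    return body

if __name__ == "__main__":
    good = f'qop=auth, rspauth="{digest(CTX, "")}", cnonce="0a4f113b", nc=00000001'
    print(accept_response(good, b"<html>ok</html>", CTX))
```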