RE: Etag in nonce

Fisher Mark (fisherm@tce.com)
Thu, 14 May 1998 09:22:08 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Scott Lawrence: "RE: Etag in nonce"
Previous message: Adam M. Donahue: "Re: outstanding issues: what's happening?"
Next in thread: Scott Lawrence: "RE: Etag in nonce"
Reply: Scott Lawrence: "RE: Etag in nonce"

Dave Kristol wrote:
>2) <http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0035.html>
>
>Recommending that the (Digest) nonce include Etag seems like a bad
>idea -- it makes the nonce non-reusable for other entities.

I think that allowing, but not recommending, the Etag in the nonce is
the best course.  There is some (slight?) security gain by doing so, but
with the major disadvantage of non-reusability.  (This should likely be
documented...)
==========================================================
Mark Leighton Fisher          Thomson Consumer Electronics
fisherm@indy.tce.com          Indianapolis, IN
"Browser Torture Specialist, First Class"

Next message: Scott Lawrence: "RE: Etag in nonce"
Previous message: Adam M. Donahue: "Re: outstanding issues: what's happening?"
Next in thread: Scott Lawrence: "RE: Etag in nonce"
Reply: Scott Lawrence: "RE: Etag in nonce"