Re: Digest Authentication Challenge Ordering

Dave Kristol (dmk@bell-labs.com)
Fri, 07 Aug 1998 10:12:24 -0400


Paul Leach wrote:
> 
> I propose that the user-agent MUST choose the strongest auth-scheme it
> understands. This permits the server to put Basic first for old browsers (if
> it finds Basic acceptably secure). The order really doesn't matter, since
> the server is only supposed to offer minimally acceptable schemes.

I concur.  But the specifications for various authentication schemes also
must rank them by strength relative to the others.  (Yes, of course it's
easy when we have just two, and their relative strengths are obvious.)

Dave Kristol
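
A sketch of the client-side rule discussed in this thread, added here as an example and not part of the original message: the user agent parses every challenge offered and selects the strongest scheme it understands, whatever order the server listed them in. The `STRENGTH` ranking, the function names and the sample header are assumptions made for illustration.

```python
import re

# Assumed ranking, higher is stronger. As the reply points out, the scheme
# specifications would have to define this ordering; only the two schemes
# discussed in the thread are listed.
STRENGTH = {"basic": 1, "digest": 2}
PARAM = re.compile(r'^([^\s=",]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^\s,"]*)$')  # name=token|"quoted"

def split_commas(value):
    """Split on commas that are outside quoted-strings."""
    parts, buf, quoted, escaped = [], "", False, False
    for ch in value:
        if escaped:
            escaped = False
        elif quoted and ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            parts.append(buf.strip())
            buf = ""
            continue
        buf += ch
    parts.append(buf.strip())
    return [p for p in parts if p]

def unquote(v):
    return re.sub(r"\\(.)", r"\1", v[1:-1]) if v.startswith('"') else v

def parse_challenges(header_values):
    """Return [(scheme, params)] in the order the server listed them."""
    found = []
    for value in header_values:
        for part in split_commas(value):
            m = PARAM.match(part)
            if m is None:                       # "Scheme" or "Scheme name=value"
                scheme, _, part = part.partition(" ")
                found.append((scheme, {}))
                m = PARAM.match(part.strip())
            if m and found:                     # parameter of the current challenge
                found[-1][1][m.group(1).lower()] = unquote(m.group(2))
    return found

def choose_challenge(header_values):
    """Pick the strongest understood scheme, ignoring the order offered."""
    known = [c for c in parse_challenges(header_values) if c[0].lower() in STRENGTH]
    return max(known, key=lambda c: STRENGTH[c[0].lower()], default=None)

SAMPLE = ['Basic realm="staff", Digest realm="staff", nonce="abc,def", qop="auth"']  # constructed
```

Schemes missing from the ranking are skipped, so a response offering only unknown schemes yields `None` and the client never falls back to something it cannot rank.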