Fwd: Closures for remaining technical Digest Issues
Jim Gettys (jg@pa.dec.com)
Mon, 10 Aug 1998 12:26:00 -0700
This is a multi-part message in MIME format, created by Pachyderm.
The parts are separated by "--1" lines.
The first part is a covering note, the others are attachments.
--1
Content-Type: text/plain
This mail should clearly have gone to the general mailing list....
I'm updating the issues list to reflect this.
- Jim
--1
Content-Type: message/rfc822
Content-Disposition: attachment
Received: by src-mail.pa.dec.com; id AA01583; Mon, 3 Aug 1998 14:18:01 -0700
Received: from mail1.digital.com by pobox1.pa.dec.com (5.65v3.2/1.1.10.5/07Nov97-1157AM)
id AA22195; Mon, 3 Aug 1998 14:17:32 -0700
Received: from firewall.agranat.com (agranat.com [198.113.147.2])
by mail1.digital.com (8.8.8/8.8.8/WV1.0g) with SMTP id OAA02486;
Mon, 3 Aug 1998 14:17:31 -0700 (PDT)
Received: from agranat.com (alice [192.104.71.130]) by firewall.agranat.com (8.6.12/8.6.9) with ESMTP id RAA32635; Mon, 3 Aug 1998 17:17:23 -0400
Received: from devnix.agranat.com (root@devnix.agranat.com [192.104.71.180])
by agranat.com (8.8.5/8.8.5) with ESMTP id RAA18011;
Mon, 3 Aug 1998 17:17:19 -0400
Received: from agranat.com (lawrence@localhost [127.0.0.1]) by devnix.agranat.com (8.8.7/8.6.9devnix) with ESMTP id RAA30343; Mon, 3 Aug 1998 17:17:25 -0400
Sender: lawrence@agranat.com
Message-Id: <35C628E4.B8E718B2@agranat.com>
Date: Mon, 03 Aug 1998 21:17:24 +0000
From: Scott Lawrence <lawrence@agranat.com>
Organization: Agranat Systems http://www.agranat.com/
X-Mailer: Mozilla 4.03 [en] (X11; I; Linux 2.0.32 i686)
Mime-Version: 1.0
To: Paul Leach <paulle@microsoft.com>
Cc: Jim Gettys <jg@pa.dec.com>, John Franks <john@math.nwu.edu>,
Larry Masinter <masinter@parc.xerox.com>, stewart@OpenMarket.com,
eric@spyglass.com, luotonen@netscape.com, jeff@spyglass.com,
pbaker@verisign.com, Dave Kristol <dmk@bell-labs.com>, frystyk@w3.org,
mogul@pa.dec.com, fielding@ics.uci.edu
Subject: Closures for remaining technical Digest Issues
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Status:
a1 REQUEST-DIGEST:
http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0031.html
I believe that the suggested resolution in the mail is correct
- the syntax should just be:
request-digest = <"> *LHEX <">
a2 CNONCE:
I just posted by suggestion about this - use the null string, add
a little text to security considerations about why it is a bad idea.
a3 NONCE-ETAG:
I believe that Larrys message on this was on the mark
( http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q3/0028.html )
to leave it as is. There has been no objection, so leave it.
a4 DIGEST-MULTIPART
http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0040.html
is, I think, not an issue - if you think that we need some text
clarifying what is meant by entity-body in a multipart response, then
I guess we could add some, but I can't think where it belongs - ideas?
a5 CHALLENGE-ORDER
I posted my proposed fix as:
http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q3/0057.html
it has been suggested that the statement I put in about not using
basic or other replayable scheme is redundant. I like it, and think
that it will make the IESG happier, but use your own judgement. There
has been no other substantive comment.
I think that closes all the technical issues.
--
Scott Lawrence Consulting Engineer <lawrence@agranat.com>
Agranat Systems, Inc. Embedded Web Technology http://www.agranat.com/
--1
Content-Type: message/rfc822
Content-Disposition: attachment
Received: by src-mail.pa.dec.com; id AA18744; Mon, 3 Aug 1998 15:25:43 -0700
Received: from mail2.digital.com by pobox1.pa.dec.com (5.65v3.2/1.1.10.5/07Nov97-1157AM)
id AA17015; Mon, 3 Aug 1998 15:25:18 -0700
Received: from dirty.research.bell-labs.com (dirty.research.bell-labs.com [204.178.16.6])
by mail2.digital.com (8.8.8/8.8.8/WV1.0g) with SMTP id PAA12823
for <jg@pa.dec.com>; Mon, 3 Aug 1998 15:25:17 -0700 (PDT)
Received: from research.research.bell-labs.com ([135.104.1.3]) by dirty; Mon Aug 3 18:23:30 EDT 1998
Received: from swift.research.bell-labs.com ([135.104.26.201]) by research; Mon Aug 3 18:23:05 EDT 1998
Received: from aleatory.research.bell-labs.com (aleatory.research.bell-labs.com [135.104.46.50])
by swift.research.bell-labs.com (8.8.8/8.8.8) with ESMTP id SAA28787;
Mon, 3 Aug 1998 18:23:03 -0400 (EDT)
Received: (from dmk@localhost)
by aleatory.research.bell-labs.com (8.8.6/8.8.6) id SAA18126;
Mon, 3 Aug 1998 18:22:58 -0400 (EDT)
Date: Mon, 3 Aug 1998 18:22:58 -0400 (EDT)
From: Dave Kristol <dmk@research.bell-labs.com>
Message-Id: <199808032222.SAA18126@aleatory.research.bell-labs.com>
To: paulle@microsoft.com, lawrence@agranat.com
Subject: Re: Closures for remaining technical Digest Issues
Cc: jg@pa.dec.com, john@math.nwu.edu, masinter@parc.xerox.com,
stewart@OpenMarket.com, eric@spyglass.com, luotonen@netscape.com,
jeff@spyglass.com, pbaker@verisign.com, frystyk@w3.org,
mogul@pa.dec.com, fielding@ics.uci.edu
X-Sun-Charset: US-ASCII
Status:
Scott Lawrence <lawrence@agranat.com> wrote:
> a4 DIGEST-MULTIPART
> http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0040.html
>
> is, I think, not an issue - if you think that we need some text
> clarifying what is meant by entity-body in a multipart response, then
> I guess we could add some, but I can't think where it belongs - ideas?
I, for one, think it deserves a clarification. (If it had been clear,
I wouldn't have asked my question.)
I need to leave for the day, but I can try to suggest words and
pinpoint a place to put them tomorrow, unless someone else beats me to
it.
Dave
--1
Content-Type: message/rfc822
Content-Disposition: attachment
Received: by src-mail.pa.dec.com; id AA29650; Tue, 4 Aug 1998 07:05:54 -0700
Received: from mail2.digital.com by pobox1.pa.dec.com (5.65v3.2/1.1.10.5/07Nov97-1157AM)
id AA02698; Tue, 4 Aug 1998 07:05:30 -0700
Received: from dirty.research.bell-labs.com (dirty.research.bell-labs.com [204.178.16.6])
by mail2.digital.com (8.8.8/8.8.8/WV1.0g) with SMTP id HAA01575
for <jg@pa.dec.com>; Tue, 4 Aug 1998 07:05:29 -0700 (PDT)
Received: from research.research.bell-labs.com ([135.104.1.3]) by dirty; Tue Aug 4 10:02:01 EDT 1998
Received: from tango.research.bell-labs.com ([135.104.75.12]) by research; Tue Aug 4 10:01:58 EDT 1998
Received: from aleatory.research.bell-labs.com (aleatory.research.bell-labs.com [135.104.46.50])
by tango.research.bell-labs.com (8.8.8/8.8.8) with ESMTP id KAA03850;
Tue, 4 Aug 1998 10:01:38 -0400 (EDT)
Received: (from dmk@localhost)
by aleatory.research.bell-labs.com (8.8.6/8.8.6) id KAA14512;
Tue, 4 Aug 1998 10:01:55 -0400 (EDT)
Date: Tue, 4 Aug 1998 10:01:55 -0400 (EDT)
From: Dave Kristol <dmk@research.bell-labs.com>
Message-Id: <199808041401.KAA14512@aleatory.research.bell-labs.com>
To: paulle@microsoft.com, lawrence@agranat.com
Subject: Re: Closures for remaining technical Digest Issues
Cc: jg@pa.dec.com, john@math.nwu.edu, masinter@parc.xerox.com,
stewart@OpenMarket.com, eric@spyglass.com, luotonen@netscape.com,
jeff@spyglass.com, pbaker@verisign.com, frystyk@w3.org,
mogul@pa.dec.com, fielding@ics.uci.edu
X-Sun-Charset: US-ASCII
Status:
> > a4 DIGEST-MULTIPART
> > http://www.ics.uci.edu/pub/ietf/http/hypermail/1998q2/0040.html
> >
> > is, I think, not an issue - if you think that we need some text
> > clarifying what is meant by entity-body in a multipart response, then
> > I guess we could add some, but I can't think where it belongs - ideas?
>
> I, for one, think it deserves a clarification. (If it had been clear,
> I wouldn't have asked my question.)
>
> I need to leave for the day, but I can try to suggest words and
> pinpoint a place to put them tomorrow, unless someone else beats me to
> it.
As promised, a proposal:
In "3.2.2 The Authorization Request Header", amend this paragraph:
Also note that if integrity protection is applied (qop=auth-int),
the H(entity-body) is the hash of the entity body, not the
message body - it is computed before any transfer encoding is
applied by the sender and after it has been removed by the
recipient.
Add to it:
Further note that, if the entity comprises a multipart message-body,
H(entity-body) is a hash of the entire multi-part message-body,
including its MIME header parts.
--1
Content-Type: message/rfc822
Content-Disposition: attachment
Received: by src-mail.pa.dec.com; id AA19194; Tue, 4 Aug 1998 07:21:39 -0700
Received: from mail1.digital.com by pobox1.pa.dec.com (5.65v3.2/1.1.10.5/07Nov97-1157AM)
id AA17325; Tue, 4 Aug 1998 07:21:12 -0700
Received: from firewall.agranat.com (agranat.com [198.113.147.2])
by mail1.digital.com (8.8.8/8.8.8/WV1.0g) with SMTP id HAA26568;
Tue, 4 Aug 1998 07:21:11 -0700 (PDT)
Received: from starfish.agranat.com (lawrence@[192.104.71.132]) by firewall.agranat.com (8.6.12/8.6.9) with ESMTP id KAA05467; Tue, 4 Aug 1998 10:21:08 -0400
Received: from localhost (lawrence@localhost) by starfish.agranat.com (8.8.5/8.6.9) with SMTP id KAA00560; Tue, 4 Aug 1998 10:21:08 -0400
X-Authentication-Warning: starfish.agranat.com: lawrence owned process doing -bs
Date: Tue, 4 Aug 1998 10:21:08 -0400 (EDT)
From: Scott Lawrence <lawrence@agranat.com>
To: Dave Kristol <dmk@research.bell-labs.com>
Cc: paulle@microsoft.com, jg@pa.dec.com, john@math.nwu.edu,
masinter@parc.xerox.com, stewart@OpenMarket.com, eric@spyglass.com,
luotonen@netscape.com, jeff@spyglass.com, pbaker@verisign.com,
frystyk@w3.org, mogul@pa.dec.com, fielding@ics.uci.edu
Subject: Re: Closures for remaining technical Digest Issues
In-Reply-To: <199808041401.KAA14512@aleatory.research.bell-labs.com>
Message-Id: <Pine.LNX.3.96.980804102051.473B-100000@starfish.agranat.com>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status:
On Tue, 4 Aug 1998, Dave Kristol wrote:
> Add to it:
> Further note that, if the entity comprises a multipart message-body,
> H(entity-body) is a hash of the entire multi-part message-body,
> including its MIME header parts.
Sounds good.
--1--