http-digest authentication comments...
I've (finally) read the draft (draft-leach-digest-sasl-00.txt) that was
submitted back in September. I think that it is the latest one out there.
I've got some minor comments.
In section 2.1.1, the BNF doesn't appear to define what a token is.
In section 2.1.2, why would the client send back the server's nonce in its
digest response? Is the serv-type value to be used in LDAP "ldap",
"ldapv3", .... or what?
In section 2.1.3, first paragraph, third sentence, shouldn't the server
save the cnonce provided by the client?
If I understand things right, the client's response created in Step 2,
could also be a request for the server to authenticate itself to the client
in Step 3. This is one reason why it might include a cnonce in its
response. Can you include more details on this option?
Section 3.3 should indicate that this is a major feature of http-digest
over CRAM-MD5.
Thanks,
Bruce
================================================
Bruce Greenblatt bruceg@innetix.com
http://www.innetix.com/~bruceg
================================================
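The questions above about the server nonce, the client's cnonce and the server authenticating itself in Step 3 are easiest to see in the arithmetic. The following is an added worked example, not code from the draft, the list or the author: it follows the DIGEST-MD5 formulas as later published in RFC 2831 (the standards-track successor of draft-leach-digest-sasl-00), so the exact encoding may differ from the -00 draft. The usernames, realm, nonces and digest-uri are constructed sample values. Both nonces enter A1, which is why the client echoes the server's nonce and why the server must keep the cnonce: it needs it both to check the client's response and to compute its own rspauth.

```python
"""DIGEST-MD5 client response and server rspauth (RFC 2831 formulation).

Added example; formulas follow RFC 2831, not draft-leach-digest-sasl-00 or
the message above. All credentials, nonces and URIs are constructed.
"""
import hashlib
import hmac
from typing import Optional


def _h(data: bytes) -> bytes:
    """Raw 16-byte MD5 (RFC 2831 'H')."""
    return hashlib.md5(data).digest()


def _hexh(data: bytes) -> str:
    """Lowercase hex MD5 (RFC 2831 'HEX(H(...))')."""
    return hashlib.md5(data).hexdigest()


def stored_secret(username: str, realm: str, password: str) -> bytes:
    """H(username:realm:password): all the server needs to keep on file.

    Storing this rather than the cleartext password limits what a leaked
    credential store is worth to this one realm.
    """
    return _h(f"{username}:{realm}:{password}".encode("utf-8"))


def _digest(secret: bytes, nonce: str, cnonce: str, nc: str, qop: str,
            digest_uri: str, authzid: Optional[str] = None,
            rspauth: bool = False) -> str:
    """KD computation shared by the client response and the server rspauth.

    A1 binds the long-term secret to BOTH the server nonce and the client
    cnonce, so each side contributes freshness and neither can replay an old
    exchange. A2 differs by direction: the client uses "AUTHENTICATE:<uri>",
    the server's rspauth uses ":<uri>", so rspauth never equals the value the
    client just sent and proves the server also knows the secret.
    """
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    if authzid is not None:
        a1 += f":{authzid}".encode("utf-8")
    a2 = (b"" if rspauth else b"AUTHENTICATE") + f":{digest_uri}".encode("utf-8")
    if qop in ("auth-int", "auth-conf"):
        a2 += b":" + b"0" * 32  # 32 hex zeros for integrity/confidentiality qop
    kd = f"{_hexh(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{_hexh(a2)}"
    return _hexh(kd.encode("utf-8"))


def client_response(username: str, realm: str, password: str, nonce: str,
                    cnonce: str, nc: str, qop: str, digest_uri: str,
                    authzid: Optional[str] = None) -> str:
    """Step 2: the value the client places in its 'response' directive."""
    return _digest(stored_secret(username, realm, password),
                   nonce, cnonce, nc, qop, digest_uri, authzid)


def server_verify(secret: bytes, nonce: str, cnonce: str, nc: str, qop: str,
                  digest_uri: str, response: str,
                  authzid: Optional[str] = None) -> Optional[str]:
    """Step 3: check the client's response; on success return rspauth.

    The server recomputes with the cnonce the client supplied, so it must
    retain it. It must also confirm that `nonce` is one it issued and that
    (nonce, nc) has not been seen before; that bookkeeping is omitted here.
    """
    expected = _digest(secret, nonce, cnonce, nc, qop, digest_uri, authzid)
    if not hmac.compare_digest(expected, response):
        return None
    return _digest(secret, nonce, cnonce, nc, qop, digest_uri, authzid,
                   rspauth=True)


if __name__ == "__main__":
    # Constructed sample exchange for an LDAP server (digest-uri "ldap/<host>").
    secret = stored_secret("chris", "example.test", "secret")
    resp = client_response("chris", "example.test", "secret", "srvnonce01",
                           "clinonce01", "00000001", "auth",
                           "ldap/ldap.example.test")
    print("client response:", resp)
    print("server rspauth: ", server_verify(secret, "srvnonce01", "clinonce01",
                                             "00000001", "auth",
                                             "ldap/ldap.example.test", resp))
```

A mistaken password, a tampered response, or a different cnonce all change the 32-hex-digit value, and the server's rspauth is computed from the same A1 but a different A2, which is the mutual-authentication feature the post asks to see spelled out.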