http-digest authentication comments...



I've (finally) read the draft (draft-leach-digest-sasl-00.txt) that was
submitted back in September.  I think that it is the latest one out there.
I've got some minor comments.  

In section 2.1.1, the BNF doesn't appear to define what a token is.

In section 2.1.2, why would the client send back the server's nonce in its
digest response?  Is the serv-type value to be used in LDAP "ldap",
"ldapv3", .... or what?

In section 2.1.3, first paragraph, third sentence, shouldn't the server
save the cnonce provided by the client?

If I understand things right, the client's response created in Step 2
could also be a request for the server to authenticate itself to the client
in Step 3.  This is one reason why it might include a cnonce in its
response.  Can you include more details on this option?

Section 3.3 should indicate that this is a major feature of http-digest
over CRAM-MD5.

Thanks,

Bruce
================================================
Bruce Greenblatt              bruceg@innetix.com
http://www.innetix.com/~bruceg
================================================
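An added worked example (not from the draft and not part of Bruce's message) that bears on the nonce, cnonce and Step 3 questions above. It implements the digest computation as published in RFC 2831, the successor of draft-leach-digest-sasl-00; the -00 text may differ in detail, so treat the exact formulas as an assumption about the draft. The server bookkeeping (DigestServer, run_exchange) and the credentials are illustrative, though the username/realm/password/nonce/cnonce values are those of the RFC 2831 section 4 example so the output can be checked against the spec.

```python
# Added example: DIGEST-MD5 per RFC 2831 (assumed to match the -00 draft in
# substance).  Shows what the server nonce and the client cnonce each bind,
# why the server must keep the cnonce, and the Step 3 server proof (rspauth).
import hashlib
import secrets


def _h(data: bytes) -> bytes:
    """H(): raw 16-byte MD5 digest."""
    return hashlib.md5(data).digest()


def user_hash(username: str, realm: str, password: str) -> bytes:
    """H(user:realm:pass): the only password-derived value the server stores."""
    return _h(f"{username}:{realm}:{password}".encode("utf-8"))


def _digest(stored: bytes, nonce: str, cnonce: str, nc: str, qop: str,
            method: str, digest_uri: str, authzid: str = "") -> str:
    # A1 = H(user:realm:pass) ":" nonce ":" cnonce [":" authzid]; inner hash is binary.
    a1 = stored + f":{nonce}:{cnonce}".encode("utf-8")
    if authzid:
        a1 += f":{authzid}".encode("utf-8")
    # A2 = method ":" digest-uri [":" 32 zeros, only for auth-int / auth-conf]
    a2 = f"{method}:{digest_uri}".encode("utf-8")
    if qop in ("auth-int", "auth-conf"):
        a2 += b":" + b"0" * 32
    # HEX(H(HEX(H(A1)) ":" nonce ":" nc ":" cnonce ":" qop ":" HEX(H(A2))))
    kd = f"{_h(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{_h(a2).hex()}"
    return _h(kd.encode("utf-8")).hex()


def client_response(stored, nonce, cnonce, nc, qop, digest_uri, authzid=""):
    """Step 2 value.  The server's nonce is hashed in, so the response is valid
    only for this challenge; the cnonce is hashed in too, so the server cannot
    choose a nonce that reproduces a response it has already seen."""
    return _digest(stored, nonce, cnonce, nc, qop, "AUTHENTICATE", digest_uri, authzid)


def server_rspauth(stored, nonce, cnonce, nc, qop, digest_uri, authzid=""):
    """Step 3 value: same computation with an empty method.  Only a party that
    knows H(user:realm:pass) and saw this cnonce can produce it."""
    return _digest(stored, nonce, cnonce, nc, qop, "", digest_uri, authzid)


class DigestServer:
    """Illustrative server state: stored hashes, issued nonces, used (nonce, nc)."""

    def __init__(self, users):
        self.users = users          # (username, realm) -> H(user:realm:pass)
        self.issued = set()
        self.used = set()

    def challenge(self, nonce=None):
        nonce = nonce or secrets.token_urlsafe(16)
        self.issued.add(nonce)      # Step 1: remember what we handed out
        return nonce

    def verify(self, username, realm, nonce, cnonce, nc, qop, digest_uri, response):
        """Return rspauth on success, None on failure."""
        if nonce not in self.issued or (nonce, nc) in self.used:
            return None             # unknown challenge, or a replayed response
        stored = self.users.get((username, realm))
        if stored is None:
            return None
        expected = client_response(stored, nonce, cnonce, nc, qop, digest_uri)
        if not secrets.compare_digest(expected, response):
            return None
        self.used.add((nonce, nc))
        # The client's cnonce and nc are kept from its message: rspauth needs them.
        return server_rspauth(stored, nonce, cnonce, nc, qop, digest_uri)


def run_exchange(server, username, realm, password, digest_uri,
                 nonce=None, cnonce=None, qop="auth"):
    """Drive Steps 1-3; return (response, rspauth, client_accepts_server)."""
    nonce = server.challenge(nonce)
    cnonce = cnonce or secrets.token_urlsafe(16)
    nc = "00000001"
    secret = user_hash(username, realm, password)
    response = client_response(secret, nonce, cnonce, nc, qop, digest_uri)
    rspauth = server.verify(username, realm, nonce, cnonce, nc, qop, digest_uri, response)
    if rspauth is None:
        return response, None, False
    expected = server_rspauth(secret, nonce, cnonce, nc, qop, digest_uri)
    return response, rspauth, secrets.compare_digest(rspauth, expected)


if __name__ == "__main__":
    realm = "elwood.innosoft.com"
    srv = DigestServer({("chris", realm): user_hash("chris", realm, "secret")})
    print(run_exchange(srv, "chris", realm, "secret", "imap/elwood.innosoft.com",
                       nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk"))
```

With the RFC 2831 example inputs the Step 2 response is d388dad90d4bbd760a152321f2143af7 and the Step 3 rspauth is ea40f60335c427b5527b84dbabcdfffd. Note that the server here needs the cnonce twice: once to recompute the client's response and once to build rspauth, which is the practical answer to the Section 2.1.3 question; and that a second submission of the same response is refused because the (nonce, nc) pair has been used.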