
RE: http-digest authentication comments...




> -----Original Message-----
> From: Bruce Greenblatt [mailto:bruceg@innetix.com]
> Sent: Thursday, November 19, 1998 8:45 AM
> To: chris.newman@innosoft.com; Paul Leach
> Cc: ietf-ldapext@netscape.com
> Subject: http-digest authentication comments...
> 
> 
> I've (finally) read the draft (draft-leach-digest-sasl-00.txt) that was
> submitted back in September.  I think that it is the latest one out there.
> I've got some minor comments.
> 
> In section 2.1.1, the BNF doesn't appear to define what a token is.

Same as in HTTP.

> 
> In section 2.1.2, why would the client send back the server's nonce in its
> digest response?  Is the serv-type value to be used in LDAP "ldap",
> "ldapv3", .... or what?

To be defined in LDAP SASL profile. Mark Wahl has done so.

> 
> In section 2.1.3, first paragraph, third sentence, shouldn't the server
> save the cnonce provided by the client?

No -- when a subsequent authentication is done, the client will provide a
cnonce.

> 
> If I understand things right, the client's response created in Step 2,
> could also be a request for the server to authenticate itself to the client
> in Step 3.  This is one reason why it might include a cnonce in its
> response.  Can you include more details on this option?

I don't understand this question.

Paul
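
The Step 2 / Step 3 exchange discussed in this thread, as an added example that is not part of the message or of the draft. It follows the qop=auth computation as later published in RFC 2831 (DIGEST-MD5), which may differ in detail from draft -00; the user, realm, nonce values and the "ldap" serv-type in the digest-uri are constructed assumptions.

```python
import hashlib
import hmac

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def _same(a: str, b: str) -> bool:
    # Constant-time comparison so a mismatch position is not leaked by timing.
    return hmac.compare_digest(a.encode(), b.encode())

def digest_value(user, realm, password, nonce, cnonce, nc, digest_uri, a2_prefix):
    """RFC 2831 qop=auth digest; a2_prefix selects the direction of the proof."""
    # A1 binds the shared secret to both nonces of this exchange.
    a1 = _md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"{a2_prefix}:{digest_uri}".encode()
    kd = f"{_md5(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{_md5(a2).hex()}"
    return _md5(kd.encode()).hex()

def client_response(**fields):
    # Step 2: the client proves knowledge of the password over the server's nonce.
    return digest_value(a2_prefix="AUTHENTICATE", **fields)

def server_rspauth(**fields):
    # Step 3: same inputs, empty A2 prefix, so the value cannot be a reflected
    # copy of the client's response. It covers the client-chosen cnonce.
    return digest_value(a2_prefix="", **fields)

def server_verify(issued_nonce, received, password):
    """Server side of Step 2. Returns the Step 3 rspauth, or None on failure."""
    # The echoed nonce must be the one this server issued in its challenge.
    if not _same(received["nonce"], issued_nonce):
        return None
    fields = {k: v for k, v in received.items() if k != "response"}
    if not _same(client_response(password=password, **fields), received["response"]):
        return None
    return server_rspauth(password=password, **fields)

# Constructed sample values (assumptions, not taken from the draft or the thread).
SAMPLE = dict(user="alice", realm="example.org", nonce="srv-nonce-constructed",
              cnonce="cli-nonce-constructed", nc="00000001",
              digest_uri="ldap/ldap.example.org")

if __name__ == "__main__":
    resp = client_response(password="correct horse", **SAMPLE)
    rspauth = server_verify(SAMPLE["nonce"], dict(SAMPLE, response=resp), "correct horse")
    # The client recomputes rspauth itself and compares before trusting the server.
    print(resp, rspauth, _same(rspauth, server_rspauth(password="correct horse", **SAMPLE)))
```
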