[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Should response-auth be optional for digest authentication in authmeth?
At 08:52 PM 5/2/2003, Roger Harrison wrote:
>I believe we should modify the text of authmeth-05 section 8.2 paragraph 6 to always have the credentials field contain the value of response-auth *if* this can be done without causing a problem for item 5 above (ability to signal server support for subsequent authenticaion) AND also not cause interoperability problems for clients that may not be expecting the value.
I believe this modification is quite appropriate.
RFC 2831 is correct here, we need to align to it
(actually to draft-ietf-sasl-rfc2831bis).
If anyone things RFC 2831 is incorrect here then they
should take the issue up with the SASL WG.
Kurt