FW: IPP> MOD - Proposed new functionality for clients to invoke H TTP security

FW: IPP> MOD - Proposed new functionality for clients to invoke H TTP security

FW: IPP> MOD - Proposed new functionality for clients to invoke H TTP security

Manros, Carl-Uno B cmanros at cp10.es.xerox.com
Wed Mar 24 12:24:16 EST 1999


Hi,

I am forwarding a message from Scott Lawrence on the proposal for a new
optional operation to invoke challenges (Issue 2 in Tom's list).

Carl-Uno

-----Original Message-----
From: Scott Lawrence [mailto:lawrence at agranat.com] 
Sent: Monday, March 22, 1999 2:01 PM
To: Manros, Carl-Uno B
Subject: RE: IPP> MOD - Proposed new functionality for clients to invoke
HTTP security


> 2)  ADDITION:  We would like to add another operation that forces
> the server to generate a 401 authentication challenge.
> This is very useful for a client to be able to get into identified mode as
> soon as possible. Today you have to wait to be challenged by the server,
> which may never happen - or happens at an unpredictable time.  Unless
> somebody has a different solution.

There are two cases: basic and digest.

For basic, all you need is the realm name, or to configure the client to
send a username and password unsolicited.  There's no rule against doing
that in HTTP, so it's fine.

For digest, you can't do anything until you get a specific challenge from
the server, which you could get at any request including the first one.
There's no value in letting the client know that the challenge is coming -
you can't act on it without the nonce in the challenge anyway.

Given that basic is not interesting to the IESG (to put it in the best
possible light), I think the point is moot.



More information about the Ipp mailing list