"McDonald, Ira" wrote:
> ...
> Also, RFC 2617 makes clear that protecting the content with
> Digest (over the content and not just the headers) is still
> WEAK security, at best. If you need real security, you need
> a TLS session. Ain't no other way to get there.

Right (one of the reasons we concentrated on getting TLS into CUPS
rather than messing with MD5-sess, since it has broader support and
is a better solution...)

I was just pointing out that cnonce by itself won't prevent
man-in-the-middle attacks since the content can be altered by an
intermediary without detection by the server or the client.

--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw.com
Printing Software for UNIX http://www.easysw.com
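
Added example, not part of the original message and not CUPS code: the RFC 2617 request-digest computed for qop=auth and qop=auth-int, showing that with qop=auth a cnonce is present but the entity body never enters the hash, so a server cannot tell that the body was altered in transit. The user, realm, password, URI, nonce and bodies are constructed sample values.

```python
import hashlib
import hmac


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def digest_response(user, realm, password, method, uri,
                    nonce, nc, cnonce, qop, body=b""):
    """request-digest from RFC 2617 section 3.2.2 for qop=auth / auth-int."""
    ha1 = md5_hex(f"{user}:{realm}:{password}".encode())
    if qop == "auth":
        # Body is not an input here: only method and URI are covered.
        ha2 = md5_hex(f"{method}:{uri}".encode())
    elif qop == "auth-int":
        # auth-int adds H(entity-body) to A2, binding the body to the digest.
        ha2 = md5_hex(f"{method}:{uri}:{md5_hex(body)}".encode())
    else:
        raise ValueError(f"unsupported qop: {qop!r}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode())


def server_accepts(claimed, received_body, **params):
    """Server-side check: recompute over what actually arrived, then compare."""
    expected = digest_response(body=received_body, **params)
    return hmac.compare_digest(claimed, expected)


# Constructed sample request (all values are made up for this example).
PARAMS = dict(user="alice", realm="example-printer", password="s3cret",
              method="POST", uri="/printers/demo", nonce="5f2a9c0e",
              nc="00000001", cnonce="0a4f113b")
SENT_BODY = b"job: 1 copy"
ALTERED_BODY = b"job: 500 copies"   # what an intermediary forwards instead


def tamper_detected(qop):
    """True if the server rejects the altered body under the given qop."""
    claimed = digest_response(qop=qop, body=SENT_BODY, **PARAMS)
    assert server_accepts(claimed, SENT_BODY, qop=qop, **PARAMS)
    return not server_accepts(claimed, ALTERED_BODY, qop=qop, **PARAMS)


if __name__ == "__main__":
    for qop in ("auth", "auth-int"):
        print(qop, "detects altered body:", tamper_detected(qop))
```

Only auth-int ties the body to the digest, and as the quoted message says, that is still weak next to a TLS session.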