IPP Mail Archive: FW: IPP> MOD - Proposed new functionality for clients to invoke H

FW: IPP> MOD - Proposed new functionality for clients to invoke H

Manros, Carl-Uno B (cmanros@cp10.es.xerox.com)
Wed, 24 Mar 1999 09:24:16 -0800

Hi,

I am forwarding a message from Scott Lawrence on the proposal for a new
optional operation to invoke challenges (Issue 2 in Tom's list).

Carl-Uno

-----Original Message-----
From: Scott Lawrence [mailto:lawrence@agranat.com]
Sent: Monday, March 22, 1999 2:01 PM
To: Manros, Carl-Uno B
Subject: RE: IPP> MOD - Proposed new functionality for clients to invoke
HTTP security

> 2) ADDITION: We would like to add another operation that forces
> the server to generate a 401 authentication challenge.
> This is very useful for a client to be able to get into identified mode as
> soon as possible. Today you have to wait to be challenged by the server,
> which may never happen - or happens at an unpredictable time. Unless
> somebody has a different solution.

There are two cases: basic and digest.

For basic, all you need is the realm name, or to configure the client to
send a username and password unsolicited. There's no rule against doing
that in HTTP, so it's fine.

For digest, you can't do anything until you get a specific challenge from
the server, which you could get at any request including the first one.
There's no value in letting the client know that the challenge is coming -
you can't act on it without the nonce in the challenge anyway.

Given that basic is not interesting to the IESG (to put it in the best
possible light), I think the point is moot.