On 12/30/2011 10:14 PM, Amos Jeffries wrote:
Reading section 2.3, it appears this method of transferring the
credentials is open to replay attacks when caching TLS middleware is
present. I believe this spec should mandate cache controls on
responses using that method. Otherwise a lot of
On 2012-01-01 20:41, Mike Jones wrote:
I'll note that in some profiles, the Bearer challenge may be the only one that
the application may legally use. In that case, there's no need to be able to
parse other challenges that the application can't fulfill in the first place.
The application would fail if an unsupported challenge type was
On 2011-12-31 20:40, Mike Jones wrote:
Maybe I misunderstood your position. If you agree that '\' may not occur in the INPUT string, then
that issue can be closed. That was the working group consensus position, per the cited e-mails. I
thought that you were arguing that syntax restrictions o