Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 43142 invoked from network); 28 Jan 2011 14:37:36 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 28 Jan 2011 14:37:36 -0000 Received: (qmail 14486 invoked by uid 500); 28 Jan 2011 14:37:33 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 14104 invoked by uid 500); 28 Jan 2011 14:37:30 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 14083 invoked by uid 99); 28 Jan 2011 14:37:29 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Jan 2011 14:37:29 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [76.96.59.227] (HELO qmta12.westchester.pa.mail.comcast.net) (76.96.59.227) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Jan 2011 14:37:20 +0000 Received: from omta16.westchester.pa.mail.comcast.net ([76.96.62.88]) by qmta12.westchester.pa.mail.comcast.net with comcast id 12Tn1g0041uE5Es5C2d09P; Fri, 28 Jan 2011 14:37:00 +0000 Received: from [192.168.1.201] ([69.143.109.145]) by omta16.westchester.pa.mail.comcast.net with comcast id 12d01g00P38FjT13c2d0hg; Fri, 28 Jan 2011 14:37:00 +0000 Message-ID: <4D42D48D.7020404@christopherschultz.net> Date: Fri, 28 Jan 2011 09:37:01 -0500 From: Christopher Schultz User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Valid values for digestEncoding attribute? References: <154001cbbe19$88768680$3800a8c0@lightseeker> <4D41E9E7.4030006@christopherschultz.net> In-Reply-To: X-Enigmail-Version: 1.2a1pre Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Etienne, On 1/28/2011 7:59 AM, Ing. Etienne V. Depasquale wrote: > Yes, I am using DIGEST authentication. > > But what about the www-authenticate HTTP/1.1 header that Tomcat sends over > to the browser? Is it ignored by any browser, simply defaulting to MD5? I'm sorry, I misspoke. You're right: there is a way for the server to tell the client what kind of digest algorithm to use, but there is no /negotiation/: the server can't give the client a choice, and the client can't tell the server what algorithm it chose. The spec only defines MD5 as the default (and only choice for) algorithm so web browsers have only implemented MD5. If you can demonstrate that a web browser will use SHA-1 (which is, by the way, also a useless algorithm like MD5 these days), I'd be very happy to see it. I'm guessing that Firefox and Google Chrome are the only candidates for that kind of thing. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1C1I0ACgkQ9CaO5/Lv0PBo2wCeM8GswwNUimW/aQ2bJ/O4vOoW zooAn0uQTcu8D8gbb8TRklc0bmlvUXHl =Wong -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org