Brad Fitzpatrick (brad) wrote,

RFC 2617

Earlier today I read through RFC 2617 (HTTP Digest Access Authentication) and was pretty impressed by a number of parts about it, particularly how the server can reply that the nonce value is stale and the client will reply without prompting the user for the password again. That was one of the things that'd always bothered me about HTTP-based challenge-response in the past, but I just hadn't taken the time to more than skim the RFC before.

But .... I wonder if this spec is implemented properly in enough common browsers. Does anybody know?

I could do some really cool shit with this, but I don't want to waste my time if it's going to only 80% work in 95% of browsers. Or, I could just go all 1995 and put up "This site best viewed with Netscape 12.0!" all over my sites.

Update: *sigh*... not perfectly with Mozilla.
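
The stale-nonce behaviour described above, as an added example that is not part of the original post: a server-side check that answers `stale=true` only when the digest is correct for an expired nonce, which is the case where RFC 2617 lets the client retry without prompting the user again. The secret, realm, lifetime, sample account and function names are assumptions, and nonce-count (`nc`) replay tracking is left out.

```python
import hashlib, hmac

SECRET = b"constructed-server-secret"  # assumption: per-server key for signing nonces
REALM, NONCE_TTL = "example", 300      # assumption: nonce lifetime in seconds
USERS = {"alice": "wonderland"}        # constructed sample account

def md5hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def make_nonce(now):
    # timestamp plus MAC, so the server can date a nonce without storing it
    ts = str(int(now))
    return ts + ":" + hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()

def nonce_state(nonce, now):
    ts, _, mac = nonce.partition(":")
    good = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not ts.isdecimal() or not hmac.compare_digest(mac.encode(), good.encode()):
        return "forged"
    return "fresh" if now - int(ts) <= NONCE_TTL else "stale"

def digest(user, password, method, uri, nonce, nc, cnonce):
    # RFC 2617 request-digest for qop=auth with the default MD5 algorithm
    ha1 = md5hex(f"{user}:{REALM}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def client_creds(user, password, method, uri, nonce, cnonce="c0ffee"):
    # fields a browser sends in the Authorization header (cnonce is constructed)
    nc = "00000001"
    return {"username": user, "uri": uri, "nonce": nonce, "nc": nc, "cnonce": cnonce,
            "response": digest(user, password, method, uri, nonce, nc, cnonce)}

def check(method, creds, now):
    """Return (status, challenge); challenge holds the WWW-Authenticate parameters."""
    def challenge(stale):
        return 401, {"realm": REALM, "qop": "auth", "nonce": make_nonce(now), "stale": stale}
    password = USERS.get(creds.get("username"))
    state = nonce_state(creds.get("nonce", ""), now)
    if password is None or state == "forged":
        return challenge(False)
    want = digest(creds["username"], password, method, creds["uri"],
                  creds["nonce"], creds["nc"], creds["cnonce"])
    if not hmac.compare_digest(want.encode(), creds.get("response", "").encode()):
        return challenge(False)   # wrong password: the user has to be prompted again
    if state == "stale":
        return challenge(True)    # right password, old nonce: client may retry silently
    return 200, None
```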
