archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/inetcore/digest/notes.txt

59 lines
2.6 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. Digest authentication:
  4. 1) Digest clients can be subdivided into serial clients and parallel clients.
  5. We know how serial clients work. Parallel clients are two or more serial clients
  6. operating concurrently, sharing authentication data (specifically nonces). We
  7. postulate no a priori specific behavior for the parallel client nonce cache.
  9. 2) Parallel clients exist. Servers will receive multiple concurrent requests
  10. from single clients.
  12. 3) Given that parallel clients exist, what are possible modes of server behaviors
  13. regarding the generation and acceptance of nonces? There are several base cases and
  14. several degenerate cases
  16. a) Base case : A server generates a single nonce and always accepts it.
  17. b) Base case : A server generates unique nonces which are accepted only once
  18. and timeout.
  20. c) Degenerate case: A server generates a single nonce and only accepts it once.
  21. d) Degenerate case: A server generates varying nonces but accepts only one of them.
  25. Normal server behavior is assumed to be a composition of a) and b).
  27. Are there any other server nonce behaviors possible? Specifically, can the
  28. server specify any kind of ordering on the nonces that are received? No. The
  29. reason for this is that the underlying transport is asynchronous. The
  30. server cannot require that one nonce is received before or after another nonce,
  31. since it cannot guarantee any kind of ordering of requests from the client or
  32. client responses. Because the server cannot guarantee ordering, neither can the
  33. client, so it makes no sense for the client to enforce ordering in what nonces are
  34. used with requests.
  36. 4) Given the above, the distinction between nonces and nextnonces is confusing, and
  37. actually meaningless. A nonce results from a 401, a nextnonce results from a 200. Each of
  38. them specifies what should be used on the next request. Should they be treated differently?
  39. If so, how? Suppose a client makes two requests which result in two challenges. The response
  40. to the first challenge goes through and results in a nextnonce. Should this nextnonce override
  41. the nonce about to be used in the response to the challenge of the second request? If so, this
  42. would imply an ordering on the client side, which we know doesn't make sense.
  44. 5) Given this, the spec stating that clients SHOULD use the nextnonce value on the subsequent
  45. request is meaningless. What's the next request? What if another nextnonce value comes in before
  46. another request goes out? What if the nextnonce comes in 'late' ? This is a meaningless stipulation.