Open
Bug 116177
Opened 24 years ago
Updated 11 months ago
next nonce digest auth test fails
Categories
(Core :: Networking, defect, P5)
Core
Networking
Tracking
()
NEW
People
(Reporter: jmd, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: [digest-auth][necko-would-take])
"Tests the ability of the browser to generate a new set of credentials when
passed a next nonce with a successful response."
Mozilla passes the first step, fails the second.
Comment 1•24 years ago
|
||
I don't know who handles digest authentication, but I assume it's Networking.
Please reassign if necessary.
Assignee: mstoltz → neeti
Component: Security: General → Networking
QA Contact: bsharma → benc
http
Assignee: neeti → darin
Component: Networking → Networking: HTTP
QA Contact: benc → tever
Comment 3•24 years ago
|
||
*** This bug has been marked as a duplicate of 114451 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Comment 4•23 years ago
|
||
reopening (see bug 114451 comment #14)
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Comment 5•23 years ago
|
||
post moz 1.0
Status: REOPENED → ASSIGNED
Priority: -- → P3
Target Milestone: --- → mozilla1.0.1
Comment 6•23 years ago
|
||
Using Build ID: 2002032003 (0.9.9+) Windows 98, I pass the first two tests, but
not the third. Changing OS to all.
OS: Linux → All
Updated•23 years ago
|
Target Milestone: mozilla1.0.1 → ---
Comment 8•23 years ago
|
||
*** Bug 150605 has been marked as a duplicate of this bug. ***
Updated•23 years ago
|
Whiteboard: [digest-auth]
Comment 10•21 years ago
|
||
see comment #4.
Comment 11•20 years ago
|
||
*** Bug 277822 has been marked as a duplicate of this bug. ***
Comment 12•19 years ago
|
||
-> default owner
Assignee: darin → nobody
Status: ASSIGNED → NEW
Component: Networking: HTTP → Networking
QA Contact: tever → networking
Target Milestone: Future → ---
Updated•19 years ago
|
Assignee: nobody → sayrer
Updated•10 years ago
|
Assignee: sayrer → nobody
Updated•9 years ago
|
Whiteboard: [digest-auth] → [digest-auth][necko-would-take]
Comment 13•8 years ago
|
||
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: P3 → P5
Updated•3 years ago
|
Severity: normal → S3
Comment 14•11 months ago
|
||
https://datatracker.ietf.org/doc/html/rfc7616#section-3.5
nextnonce
The value of the nextnonce parameter is the nonce the server
wishes the client to use for a future authentication response.
The server MAY send the Authentication-Info header field with a
nextnonce field as a means of implementing one-time nonces or
otherwise changing nonces. If the nextnonce field is present, the
client SHOULD use it when constructing the Authorization header
field for its next request. Failure of the client to do so MAY
result in a request to re-authenticate from the server with the
"stale=true".
Server implementations SHOULD carefully consider the
performance implications of the use of this mechanism;
pipelined requests will not be possible if every response
includes a nextnonce parameter that MUST be used on the next
request received by the server. Consideration SHOULD be given
to the performance vs. security tradeoffs of allowing an old
nonce value to be used for a limited time to permit request
pipelining. Use of the nc parameter can retain most of the
security advantages of a new server nonce without the
deleterious effects on pipelining.
Blocks: necko-auth
You need to log in
before you can comment on or make changes to this bug.
Description
•