Open Bug 116177 Opened 23 years ago Updated 7 days ago

next nonce digest auth test fails

Categories

(Core :: Networking, defect, P5)

People

(Reporter: jmd, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [digest-auth][necko-would-take])

"Tests the ability of the browser to generate a new set of credentials when
passed a next nonce with a successful response."

Mozilla passes the first step, fails the second.
I don't know who handles digest authentication, but I assume it's Networking.
Please reassign if necessary.
Assignee: mstoltz → neeti
Component: Security: General → Networking
QA Contact: bsharma → benc
http
Assignee: neeti → darin
Component: Networking → Networking: HTTP
QA Contact: benc → tever

*** This bug has been marked as a duplicate of 114451 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
reopening (see bug 114451 comment #14)
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
post moz 1.0
Status: REOPENED → ASSIGNED
Priority: -- → P3
Target Milestone: --- → mozilla1.0.1
Using Build ID: 2002032003 (0.9.9+) Windows 98, I pass the first two tests, but
not the third. Changing OS to all.
OS: Linux → All
Target Milestone: mozilla1.0.1 → ---
mass futuring of untargeted bugs
Target Milestone: --- → Future
*** Bug 150605 has been marked as a duplicate of this bug. ***
Whiteboard: [digest-auth]
any idea what needs to be done here?
Hardware: PC → All
see comment #4.
*** Bug 277822 has been marked as a duplicate of this bug. ***
-> default owner
Assignee: darin → nobody
Status: ASSIGNED → NEW
Component: Networking: HTTP → Networking
QA Contact: tever → networking
Target Milestone: Future → ---
Assignee: nobody → sayrer
Assignee: sayrer → nobody
Whiteboard: [digest-auth] → [digest-auth][necko-would-take]
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: P3 → P5
Severity: normal → S3

https://datatracker.ietf.org/doc/html/rfc7616#section-3.5

 nextnonce

  The value of the nextnonce parameter is the nonce the server
  wishes the client to use for a future authentication response.
  The server MAY send the Authentication-Info header field with a
  nextnonce field as a means of implementing one-time nonces or
  otherwise changing nonces.  If the nextnonce field is present, the
  client SHOULD use it when constructing the Authorization header
  field for its next request.  Failure of the client to do so MAY
  result in a request to re-authenticate from the server with the
  "stale=true".

     Server implementations SHOULD carefully consider the
     performance implications of the use of this mechanism;
     pipelined requests will not be possible if every response
     includes a nextnonce parameter that MUST be used on the next
     request received by the server.  Consideration SHOULD be given
     to the performance vs. security tradeoffs of allowing an old
     nonce value to be used for a limited time to permit request
     pipelining.  Use of the nc parameter can retain most of the
     security advantages of a new server nonce without the
     deleterious effects on pipelining.
Blocks: necko-auth
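
The client behaviour that the RFC 7616 section 3.5 text quoted above asks for, as an added example that is not part of the bug report and not Mozilla's code: after a successful response carrying `Authentication-Info`, the client adopts `nextnonce` and restarts `nc` for its next `Authorization` header. Assumptions: `algorithm=SHA-256` with `qop=auth`; `DigestSession`, `parse_auth_params` and `h` are hypothetical names; the credentials, nonces and header values are constructed; the caller passes `cnonce` in so the output is reproducible, where a real client would generate it randomly.

```python
import hashlib
import re

def parse_auth_params(value):
    """Parse key=token / key="quoted" pairs (escaped quotes not handled)."""
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', value)
    return {key.lower(): quoted or token for key, quoted, token in pairs}

def h(text):
    """H() from RFC 7616, assuming algorithm=SHA-256."""
    return hashlib.sha256(text.encode()).hexdigest()

class DigestSession:
    """Hypothetical client-side state for one protection space (qop=auth)."""

    def __init__(self, user, password, realm, nonce):
        self.user, self.realm, self.nonce = user, realm, nonce
        self.ha1 = h(f"{user}:{realm}:{password}")
        self.nc = 0  # count of requests sent with the current nonce

    def authorization(self, method, uri, cnonce):
        """Build the Authorization value for the next request."""
        self.nc += 1
        nc = f"{self.nc:08x}"
        ha2 = h(f"{method}:{uri}")
        response = h(f"{self.ha1}:{self.nonce}:{nc}:{cnonce}:auth:{ha2}")
        return (f'Digest username="{self.user}", realm="{self.realm}", '
                f'nonce="{self.nonce}", uri="{uri}", algorithm=SHA-256, '
                f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}"')

    def on_authentication_info(self, header_value):
        """Adopt nextnonce from a successful response; return True if changed."""
        nextnonce = parse_auth_params(header_value).get("nextnonce")
        if not nextnonce or nextnonce == self.nonce:
            return False
        self.nonce = nextnonce
        self.nc = 0  # nc counts uses of one nonce, so it restarts
        return True

if __name__ == "__main__":
    # Constructed credentials, nonces and header values, for illustration only.
    s = DigestSession("alice", "constructed-password", "example", "nonce-1")
    print(s.authorization("GET", "/a", "cnonce-1"))
    s.on_authentication_info('qop=auth, nextnonce="nonce-2", nc=00000001')
    print(s.authorization("GET", "/a", "cnonce-2"))
```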