TODO: HTTP Digest using SHA-256

author Daniel Stenberg <daniel@haxx.se>

Wed, 22 Feb 2017 13:16:45 +0000 (14:16 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Wed, 22 Feb 2017 13:16:45 +0000 (14:16 +0100)
author Daniel Stenberg <daniel@haxx.se>
Wed, 22 Feb 2017 13:16:45 +0000 (14:16 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Wed, 22 Feb 2017 13:16:45 +0000 (14:16 +0100)
diff --git a/docs/TODO b/docs/TODO

index 70714fd98b500c0501b07c4b57db746afa44fef8..217c6f887af1118f716fc2bfbb7a899cdd638d23 100644 (file)
--- a/docs/TODO
+++ b/docs/TODO
@@ -63,6 +63,7 @@
   5.1 Better persistency for HTTP 1.0
   5.2 support FF3 sqlite cookie files
   5.3 Rearrange request header order
+ 5.4 HTTP Digest using SHA-256
   5.5 auth= in URLs
   5.6 Refuse "downgrade" redirects
   5.7 Brotli compression
@@ -526,6 +527,15 @@ This is not detailed in any FTP specification.
   headers use a default value so only headers that need to be moved have to be
   specified.
  
+5.4 HTTP Digest using SHA-256
+
+ RFC 7616 introduces an update to the HTTP Digest authentication
+ specification, which amongst other thing defines how new digest algorithms
+ can be used instead of MD5 which is considered old and not recommanded.
+
+ See https://tools.ietf.org/html/rfc7616 and
+ https://github.com/curl/curl/issues/1018
+
  5.5 auth= in URLs
  
   Add the ability to specify the preferred authentication mechanism to use by
author	Daniel Stenberg <daniel@haxx.se>
	Wed, 22 Feb 2017 13:16:45 +0000 (14:16 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Wed, 22 Feb 2017 13:16:45 +0000 (14:16 +0100)