TODO: HTTP Digest using SHA-256

2017-02-22 14:16:45 +01:00 · 2017-02-22 14:16:45 +01:00 · f57eb1f8e3
--- a/docs/TODO
+++ b/docs/TODO
@ -63,6 +63,7 @@
 5.1 Better persistency for HTTP 1.0
 5.2 support FF3 sqlite cookie files
 5.3 Rearrange request header order
+ 5.4 HTTP Digest using SHA-256
 5.5 auth= in URLs
 5.6 Refuse "downgrade" redirects
 5.7 Brotli compression
@ -526,6 +527,15 @@ This is not detailed in any FTP specification.
 headers use a default value so only headers that need to be moved have to be
 specified.

+5.4 HTTP Digest using SHA-256
+
+ RFC 7616 introduces an update to the HTTP Digest authentication
+ specification, which amongst other thing defines how new digest algorithms
+ can be used instead of MD5 which is considered old and not recommanded.
+
+ See https://tools.ietf.org/html/rfc7616 and
+ https://github.com/curl/curl/issues/1018
+
 5.5 auth= in URLs

 Add the ability to specify the preferred authentication mechanism to use by