HTTP Authentication - Digest

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

I had a discussion yesterday with a friend about digest http authentication,
what are your thoughts?

A webserver serving a protected document using the digest method answers
initial client requests with a 401 but includes an authentication challenge.
The server generated 401 includes in the header a nonce, a random value.
This nonce is then encrypted along with the client's user name and password
(as well as some other data) and sent back to the server. The original nonce
is also sent back.

The server will then compare the client generated hash value with it's own
calculated value.

Question: In that calculation, does the server use the nonce sent back by
the client or does it *remember* the nonce value it originally sent? The
point why I ask, that would make it a stateful protocol..

If the server does not remember the original nonce value, then the purpose
of  the nonce is simply to enable the client to send a different hash value
with every request, even if the same URL is requested over and over again.
That's a good reason for it to exist, but then why does the server generate
and send it in the first place? The client could just generate the nonce

If the server does remember, it would enable the server to control the
maximum time the client has to authenticate, among other stuff..

Some of those goals are mentioned in RFC 2617 but to us it was not clear if
those requests are realized in http 1.0..

Site Timeline