> This doesn't appear to check that the timestamp is anywhere near now,
> which would prevent same-site replays...

Correct - the trouble with timestamp checks is that ?most/some? browsers
will NOT cache the password the user has entered, but rather the 'response' (i.e.
nonce+realm+password). So if one sets a 5 minute timeout on the
timestamp - then users will be prompted for a password every 5 minutes or so.

Setting it to anything shorter, which from a security perspective would
make even more sense, of course means typing the password for every page
:)

Bear in mind that unlike experimental/mod_auth_digest - most browsers and
mod_digest do not do anything like fancy/decent qop or other counts; and
as far as I understand any renewing of the nonce requires a full
rejection round trip.

Dw
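The timestamp check the thread is discussing, written out as an added example (this is not code from the posters, from mod_digest or from mod_auth_digest). The nonce carries its own issue time plus an HMAC tag so the server can tell "genuine but expired" apart from "forged" without keeping per-nonce state; the secret, realm name, 300-second window and the `stale=true` handling are assumptions for the example. As the reply above notes, a `stale=true` re-challenge only avoids a password prompt on clients that still hold the password rather than just the computed response, so the expiry window is still a usability trade-off, not a free fix.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed server secret for this example; a real deployment keeps it private
# and rotates it, since anyone who knows it can mint valid-looking nonces.
SERVER_SECRET = b"example-only-secret"
REALM = "example-realm"  # assumed realm name


def _tag(ts: int) -> str:
    """HMAC over the timestamp (and realm) so a client cannot forge a 'fresh' nonce
    by editing the clock part of one it has seen."""
    return hmac.new(SERVER_SECRET, f"{ts}:{REALM}".encode(), hashlib.sha256).hexdigest()[:32]


def make_nonce(now: Optional[int] = None) -> str:
    """Nonce = hex timestamp ':' tag. Validation later needs no per-nonce server state."""
    ts = int(time.time()) if now is None else int(now)
    return f"{ts:08x}:{_tag(ts)}"


def check_nonce(nonce: str, max_age: int = 300, now: Optional[int] = None) -> str:
    """Classify a presented nonce as 'ok', 'stale' (genuine but older than max_age,
    which is what a same-site replay of an old request looks like) or 'invalid'."""
    current = int(time.time()) if now is None else int(now)
    try:
        ts_hex, tag = nonce.split(":", 1)
        ts = int(ts_hex, 16)
    except ValueError:
        return "invalid"
    # Constant-time compare: the tag is the only thing stopping a forged timestamp.
    if not hmac.compare_digest(tag, _tag(ts)):
        return "invalid"
    if ts > current:
        return "invalid"  # the server never issued a nonce dated in the future
    if current - ts > max_age:
        return "stale"
    return "ok"


def challenge_header(now: Optional[int] = None, stale: bool = False) -> str:
    """WWW-Authenticate value for a 401. stale=true tells an RFC 2617 client that the
    nonce expired but its credentials were fine, so it may retry with a fresh nonce
    without prompting, provided it still has the password (not just the old response)."""
    value = f'Digest realm="{REALM}", nonce="{make_nonce(now)}", algorithm=MD5'
    if stale:
        value += ", stale=true"
    return value


if __name__ == "__main__":
    issued = make_nonce(now=1_000_000)
    print("fresh   :", check_nonce(issued, now=1_000_100))
    print("replayed:", check_nonce(issued, now=1_000_400))
    print(challenge_header(now=1_000_400, stale=True))
```

The server would call `check_nonce` on the `nonce=` field of each `Authorization: Digest` header: `ok` proceeds to verifying the response hash, `stale` answers 401 with `challenge_header(stale=True)`, and `invalid` answers 401 with a plain challenge (and is worth logging, since a tagged timestamp that fails its HMAC is not something a well-behaved client produces).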
