throwaway2037 4 hours ago

I don't understand the reference. I looked it up here: https://datatracker.ietf.org/doc/html/rfc2617#section-4.3

    4.3 Limited Use Nonce Values

    The Digest scheme uses a server-specified nonce to seed the
    generation of the request-digest value (as specified in section
    3.2.2.1 above).  As shown in the example nonce in section 3.2.1, the
    server is free to construct the nonce such that it may only be used
    from a particular client, for a particular resource, for a limited
    period of time or number of uses, or any other restrictions.  Doing
    so strengthens the protection provided against, for example, replay
    attacks (see 4.5).  However, it should be noted that the method
    chosen for generating and checking the nonce also has performance and
    resource implications.  For example, a server may choose to allow
    each nonce value to be used only once by maintaining a record of
    whether or not each recently issued nonce has been returned and
    sending a next-nonce directive in the Authentication-Info header
    field of every response. This protects against even an immediate
    replay attack, but has a high cost checking nonce values, and perhaps
    more important will cause authentication failures for any pipelined
    requests (presumably returning a stale nonce indication).  Similarly,
    incorporating a request-specific element such as the Etag value for a
    resource limits the use of the nonce to that version of the resource
    and also defeats pipelining. Thus it may be useful to do so for
    methods with side effects but have unacceptable performance for those
    that do not.

Can you explain your (assumed) sarcastic remark?

afandian 4 hours ago

That third word, starting with 'n', is British slang, which you are welcome to look up.

Presumably the etymology was in place before it took on its present meaning, but it is not a word I would use in a professional context.

My comment was oblique, but not sarcastic. Partly because I didn't want to use the word directly, and partly in keeping with the tone of the original blog post!

graemep 3 hours ago

The British usage predates the RFC and probably the cryptographic use. I definitely heard the term in the late 80s.

ethersteeds 3 hours ago

In British slang, "nonce" is a highly offensive term for a sex offender, particularly one who has harmed children. It is considered derogatory and should be used with caution.

jowsie an hour ago

I'm guessing this is very context/region dependent. Calling someone a nonce as a bit of banter would be more acceptable than calling them a paedophile when I was growing up. I assume because using the officially recognised term made your accusations seem more earnest, though I've never actually thought much about it before.

roryirvine 4 hours ago

"number used once" wouldn't be the first definition of that word which springs to mind for most people in the UK.