Re: potential security holes in digest authorization

>Now Phillip seems to suggest that the realm should be something the
>INTERNIC registers.  I don't understand why.  

If people want realms to be unique then it would be a good thing to
have some mechanism for ensuring that they are. INTERNIC provides a
mechanism for giving people a unique name. I'm not implying that the
realm should be internic addresssable, merely that people should only use
names that they "own".

Or perhaps what I'm really arguing for is that people should only use internic
style names if they own them. I should not set up a realm att.com for example.
but could set up "Edible" as a realm but with a danger of collision.


	Phill

Received on Wednesday, 26 July 1995 13:30:39 UTC