W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: Where should Digest go next?

From: John Franks <john@math.nwu.edu>
Date: Wed, 3 Jan 1996 10:16:09 -0600 (CST)
To: "Eric W. Sink" <eric@rafiki.spyglass.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.SUN.3.91.960103100054.8210A-100000@hopf.math.nwu.edu>


On Wed, 3 Jan 1996, Eric W. Sink wrote:

> 
> I'd like to welcome new contributors to the discussion on Digest
> authentication, and give you a bit of history behind this proposed
> authentication mechanism.
> 
> Digest definitely has holes and limitations.  We did not set out to design a
> Great authentication scheme.  We set out to design a Better authentication
> scheme.
> 

I would like to echo the Eric's remarks.  Digest authentication in its
early versions was called "Simple" authentication.  The idea was to
replace (as quickly and painlessly as possible) "Basic" authentication
which is in widespread use today and involves the network transmission
of passwords which are not encoded.

It was never our intent to produce what Eric refers to as a "great
authentication scheme."  The objective was always to replace Basic
authentication as quickly as possible.  This remains an important
objective which could be achieved by HTTP/1.1.


John Franks 	Dept of Math. Northwestern University
		john@math.nwu.edu
Received on Wednesday, 3 January 1996 08:22:10 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:42 EDT