W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: Where should Digest go next?

From: Phillip M. Hallam-Baker <hallam@w3.org>
Date: Tue, 16 Jan 96 22:33:54 -0500
Message-Id: <9601170333.AA10551@www18.w3.org>
To: masinter@parc.xerox.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
>1- Submit as Proposed standard as part of HTTP/1.1
>2- Submit as Proposed standard as a separate document
>3- Submit as Informational, as part of HTTP/1.0
>4- Submit as Informational, as a separate document
>5- Don't handle as part of IETF

>The problem with options 1 and 2 is whether such Proposed Standards
>would have a chance of actually making it to Standard without change.
>I don't think this will work out: the standards track really does
>require us to propose solutions that don't have major holes, and if
>we're not interested in fixing the known problems, trying to move
>along standards track is inappropriate.


Sorry for delay in replying to the above, for some reason movement in this area
aways seems to happen while I'm on my Xmas Hols.

The problem I have with Larry's argument is that a logical consequence would be 
REMOVE the existing BASIC scheme entirely. That has been my main concern all
along. Basic authentication is the worst sort of security scheme - it
prejudices other schemes. It is a trivial matter to write a sniffer and collect
plenty of BASIC authentication passwords, many of which will be used for access
to other systems.

While I sympathise with Alan's comments suggesting improvements to DIGEST my
problem is how to persuade people to stop providing a non solution as fast as
possible. I propose that we accept the following proposals :-

1) Adding an algorithm parameter.
2) Describe in detail construction of nonces. 
	Here there are a number of tricks already in use which ensure that
	a nonce is only valid for requests comming from a single TCP/IP
	address.

The problem with the suggestion to sign headers is that it requires the
Wrapping of a message. While I am in favour of such an approach I don't think I
can get people to implement it :-(

I'm looking at Alan's other proposals.

What I want to avoid is having Digest stalled on the next great security
solution which has not yet been coded. I consider it to have been a mistake to
leave it out of HTTP/1.0. I would have prefered to see BASIC omited.


I certainly reject Larry's claim that Digest does not add any appreciable
security over Basic. This is very definitely NOT the case.


The IETF has a very long history of blowing security by insisting that any
proposed improvement overno security be perfect security. It has generally
meant that the installed userbase has become fixed before perfection is
achieved and hence we are left with SMTP, Telnet, NNTP and other hacker havens.

--
Phillip M. Hallam-Baker            Not speaking for anoyone else
hallam@w3.org http://www.w3.org/hypertext/WWW/People/hallam.html
Information Superhighway -----> Hi-ho! Yow! I'm surfing Arpanet!
Received on Wednesday, 17 January 1996 02:12:52 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:43 EDT