W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: APOP - authentication..

From: Paul Leach <paulle@microsoft.com>
Date: Tue, 20 Feb 96 11:20:20 PST
To: fielding@avron.ICS.UCI.EDU, pjc@trusted.com
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: red-16-msg960220191352MTP[01.52.00]000000b1-103168
Roy said, commenting on Peter's mail:
] >
] > Various digest proposals have been proposed as weak subsets of SHTTP..
] > APOP is an existing standard. ...
]
] for transfer of mail, yes.  So?  You still have to translate the APOP
] authentication to an HTTP syntax.  All I am saying is that you might as
] well translate it into the Digest syntax, since there is zero chance
] of it being implemented in HTTP clients otherwise.

I'm waiting on the revised Digest I-D before forming an opinion on this 
one. We don't implement what was in the old version of  the I-D on 
Digest, and so we wouldn't have a problem choosing either. If there are 
lots of people implementing the old version, then we'd be swayed by the 
difficulty of their changing, all other things being equal (like degree 
of simplicity and level of security). But the ability to reuse 
mechanism between our POP3 server and HTTP server (even after 
translating to HTTP syntactical form) would be attractive.

Paul
Received on Tuesday, 20 February 1996 13:29:10 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:45 EDT