W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: RFC1734

From: Peter J Churchyard <pjc@trusted.com>
Date: Tue, 20 Feb 1996 14:39:33 -0500 (EST)
Message-Id: <9602201939.AA11006@hilo.trusted.com>
To: pjc <pjc@hilo.trusted.com>
Cc: NED@innosoft.com, rtor@ansa.co.uk, fielding@avron.ICS.UCI.EDU, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
RFC1734 (POP3 AUTHentication command)

Does not map onto http very well. WWW-Auth/Authorization already provides
the basic framework. I apologise if this is not what you were talking about
and were discussing replaceing 1725's APOP with 1734.

In an http context 1734 uses several client - authpoint handshakes
which does not easily fit into http.

As a firewall proxy implementor APOP has a very useful attribute. If the
firewall can auth the user, then the firewall can use the same info to
authenticate with an APOP server. APOP is one of the few existing mechanisms
that allow this and yet are strong.

Pete.
-- 
The TIS Network Security Products Group has moved!
voice: 301-527-9500 x123 fax: 301-527-0482
2277 Research Boulevard, 5th Floor, Rockville, MD 20850
Received on Tuesday, 20 February 1996 13:34:53 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:45 EDT