W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: Where we stand on Digest Authentication

From: Jeff Hostetler <jeff@rafiki.spyglass.com>
Date: Tue, 27 Feb 96 10:22:02 -0600
Message-Id: <9602271622.AA17634@fido.spyglass.com>
To: John Franks <john@math.nwu.edu>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, Paul Leach <paulle@microsoft.com>


let's keep with what we have and try to put digest to bed as is.
remember, the important thing is to kill 'basic' asap.

there have been lots of good ideas and suggestions presented
over the past ~4 months regarding digest authentication.
perhaps it would be appropriate to begin discussion of a new
authentication scheme (beyond digest) which incorporates
as many of them as possible.

this would give us a better spectrum:

nothing ---> basic ---> digest ---> xxx ---> ?kerberos? ---> ?private-key?

where assurances go up/risks go down as you go the right.

thoughts ??
jeff
Received on Tuesday, 27 February 1996 08:32:59 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:47 EDT