W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: Where we stand on Digest Authentication

From: <hallam@w3.org>
Date: Tue, 27 Feb 96 15:38:16 -0500
Message-Id: <9602272038.AA14481@zorch.w3.org>
To: Larry Masinter <masinter@parc.xerox.com>
Cc: john@math.nwu.edu, paulle@microsoft.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, hallam@w3.org

Hi,

	I will have a look at the wording again tommorow and attempt
to set right Alan's points. We have had Ran Carnetti look over the proposal.
He suggested adding in a reciprocal authentication option so that the
server could identify itself to the client. i can also find out if
Phil rogaway is willing to give it a read through. Mihir Belhaire also
comes to mind. these are the specialists in the field.

	We now have at least two interoperable implementations. We
have the Spyglass one and the Common Lisp Web Server by John Mallory.
the latter has been shipping for 6 months with almost every LISP 
implementations sold.

	As far as the criticisms Alan makes there are some which cannot be solved
unless we forget about the idea of being a direct replac ement for
BASIC. If BASIC did not exist I would insist we use Digest and the WRAPPED
method together for security. As it is I know that such a demand would put back
adoption for several years and probably mean that BASIC is still in widespread
use in ten years time. it is always going to be harder to do wrapped
methods than plain ones and I doubt that every PERL hack will support it.

		Phill
Received on Tuesday, 27 February 1996 12:40:52 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:47 EDT