Re: Netscape vs. Digest (?)

From: <jg@zorch.w3.org>
Date: Wed, 28 Aug 96 09:35:05 -0400
Message-Id: <9608281335.AA01794@zorch.w3.org>
To: Lou Montulli <montulli@netscape.com>
Cc: Michael Smith <ms@gf.org>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

Lou Montulli writes:
> Why would you ever want to use digest if you already have
> certificate support?

I think at least one reason is clear:
	Lack of export control hassles on hashing for authentication.

This means we can make it universal, and stop passwords in the clear
world-wide.  And as the #1 (and I think #2) servers on the Internet
are Apache and NCSA, which have no solution to the export problem
available to them (as I understand it, the Apache folks had their arms
twisted to even remove hooks for stronger forms of encryption or
authentication), this is a Big Issue.  It is far from clear to me that
certificate support is universally available as a result of this
action of the government.  Even if the code were available worldwide, it can't
just get dropped into a server distribution.

				- Jim Gettys
Received on Wednesday, 28 August 1996 06:37:23 EDT