W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Re: digest vs basic

From: Peter J Churchyard <pjc@trusted.com>
Date: Wed, 28 Aug 1996 16:31:20 -0400 (EDT)
Message-Id: <9608282031.AA07331@hilo.trusted.com>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
As larry has pointed out, basic for client / server non persistant requests
is a poor choice.

client - proxy  with persistant connection between client and proxy 
when used with one time password systems ( as we do in our product) allows
sites to authenticate strongly which of their users can do WEB stuff.

Basic auth as a mechanism can very useful even if it is not what it was
intended for.

There are no export restrictions for hash algs (MD4,5). crypto can be
exported if used for authentication only and cannot be used for data
encryption. (you ship binaries only.. no source.)

Patent restrictions are a different matter...

Pete.
-- 
The TIS Network Security Products Group has moved again!
voice: 301-527-9500x111  fax: 301-527-0482
Room 334, 15204 Omega Drive, Rockville, MD 20850
Received on Wednesday, 28 August 1996 13:31:45 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:08 EDT