
Re: Digest Auth (fwd)

From: John Franks <john@math.nwu.edu>
Date: Thu, 29 Aug 1996 09:20:50 -0500 (CDT)
To: ben@algroup.co.uk
Cc: HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Message-Id: <Pine.SUN.3.91.960829091300.5244B-100000@hopf.math.nwu.edu>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/1512

On Thu, 29 Aug 1996, Ben Laurie (really Alexei Kosut) wrote:

> The problem here may be that no one actually *uses* digest auth. The
> problem is that these servers don't let you use both together. This is
> because both servers (indeed, pretty much all Unix HTTP servers that I
> know of) store Basic passwords crypted. This makes them unusable for
> Digest auth's purposes, which either needs the passwords in the clear or
> hashed. So the vast installed base of installed authentication cannot use
> digest (except in specific, intranet-like cases, where you are assured
> that the user is capable of supporting digest auth).

I don't understand this.

As you observe, server support for digest auth is widely available.
The reason no one uses it is because it is not supported by Netscape
or MSIE -- period.  As long as this remains the case digest will never
be widely used.  All other pros and cons for digest are pretty much
irrelevant at this point.

John Franks 	Dept of Math. Northwestern University
Received on Thursday, 29 August 1996 07:25:50 UTC
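
The storage constraint raised in the quoted text, as an added example that is not part of the original message or of any server's code: a Basic server can verify against a one-way salted hash because it receives the password itself, while a Digest server must recompute the client's MD5 response from the password or from MD5(user:realm:password). All names and values are constructed, and the salted SHA-256 helper is an assumed stand-in for a crypt(3) entry.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def ha1(user: str, realm: str, password: str) -> str:
    # What a Digest server must hold: the cleartext password or this hash of it.
    # Anyone holding HA1 can answer challenges for this realm, so protect the file.
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex: str, nonce: str, method: str, uri: str) -> str:
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def salted_hash(password: str, salt: str) -> str:
    # Assumption: stand-in for a crypt(3) entry (one-way and salted).
    return hashlib.sha256((salt + password).encode()).hexdigest()

def verify_basic(stored: str, salt: str, presented: str) -> bool:
    # Basic sends the password itself, so the server can re-hash and compare.
    return hmac.compare_digest(stored, salted_hash(presented, salt))

def verify_digest(stored_ha1: str, nonce: str, method: str, uri: str, response: str) -> bool:
    # Digest sends only a hash, so the server must recompute it from HA1.
    expected = digest_response(stored_ha1, nonce, method, uri)
    return hmac.compare_digest(expected, response)

def demo():
    # Constructed sample values.
    user, realm, password = "alice", "example-realm", "correct horse"
    nonce, method, uri, salt = "constructed-nonce-01", "GET", "/private/", "ab"
    crypted = salted_hash(password, salt)  # entry from an existing Basic password file
    client = digest_response(ha1(user, realm, password), nonce, method, uri)
    basic_ok = verify_basic(crypted, salt, password)
    digest_ok = verify_digest(ha1(user, realm, password), nonce, method, uri, client)
    # The crypted entry cannot stand in for HA1, and HA1 cannot be derived from it.
    digest_from_crypted = verify_digest(crypted, nonce, method, uri, client)
    return basic_ok, digest_ok, digest_from_crypted

if __name__ == "__main__":
    print(demo())
```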
