W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re: Digest Authentication, Netscape, and Microsoft

From: Hallam-Baker <hallam@ai.mit.edu>
Date: Tue, 15 Apr 1997 18:41:18 -0400 (EDT)
Message-Id: <199704152241.SAA12327@muesli.ai.mit.edu>
To: Daniel DuBois <dan@spyglass.com>
Cc: http-wg@cuckoo.hpl.hp.com
Please, SSL has nothing to do with Digest Authentication. It is not
a replacement unless you believe that every password protected page
should also be encrypted.

The purpose of Digest is to allow people to stop using BASIC as soon
as possible. Nothing else. SSL essentially defines a new protocol and
a pretty complex one at that.


SSL unfortunately provides a relatively weak form of security. It
is great if your definition of security is the use of cryptography.
It has no real model of how it should interact with firewalls for
example - nobody sends encrypted data through the firewalls I have
experience with, that is part of their purpose. Nor can data from 
an SSL transaction be cached by an intermediary.


	Phill
Received on Tuesday, 15 April 1997 15:43:15 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:34 EDT