W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re: Digest Authentication, Netscape, and Microsoft

From: Ari Luotonen <luotonen@netscape.com>
Date: Tue, 15 Apr 1997 16:49:14 -0700 (PDT)
Message-Id: <199704152349.QAA16754@step.mcom.com>
To: Hallam-Baker <hallam@ai.mit.edu>
Cc: dan@spyglass.com, http-wg@cuckoo.hpl.hp.com

> Please, SSL has nothing to do with Digest Authentication. It is not
> a replacement unless you believe that every password protected page
> should also be encrypted.

SSL does allow a null-cipher -- in Netscape Servers it's enabled via
choice "No encryption, only MD5 message authentication".  This
provides certificate based authentication and message integrity on
HTTP data, but the data is not encrypted, so there's minimal overhead.

Cheers,
--
Ari Luotonen, Mail-Stop MV-061		Opinions my own, not Netscape's.
Netscape Communications Corp.		ari@netscape.com
501 East Middlefield Road		http://home.netscape.com/people/ari/
Mountain View, CA 94043, USA		Netscape Proxy Server Development
Received on Tuesday, 15 April 1997 16:52:04 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:34 EDT