On Wed, 6 Aug 1997, David Jablon wrote: > Gentlemen, > > I support your goal of replacing the clear-text > password method in HTTP with something stronger, but I > wonder about why you didn't consider something stronger. > Several password-based protocols are known that > are much better than the one described in this > document: > To quote from the draft: "Digest Authentication does not provide a strong authentication mechanism. That is not its intent. It is intended solely to replace a much weaker and even more dangerous authentication mechanism: Basic Authentication. An important design constraint is that the new authentication scheme be free of patent and export restrictions." The necessity to avoid any patent and export restrictions is fundamental. In particular, protocols which make any use of public-key techniques are not acceptable. John Franks Dept of Math. Northwestern University john@math.nwu.eduReceived on Wednesday, 6 August 1997 07:13:52 EDT
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:50 EDT