W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Proposal for new HTTP 1.1 authentication scheme

From: Albert Lunde <albert-lunde@nwu.edu>
Date: Fri, 05 Dec 1997 12:34:48 CST
Message-Id: <199712051835.AA280336899@hplb.hpl.hp.com>
To: Eric_Houston/CAM/Lotus@lotus.com
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> 
> I was hoping to polish this proposal a little more before floating it
> externally, but alas, with the meeting on Monday, time did not permit.  I
> hope that I have at least stated my perspective well enough to stimulate
> discussion.
> 

This sounda a lot like the old expired draft:

"Mediated Digest Authentication"
http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-mda-00.txt

I wonder if you could do this all with one-way keyed hash functions, and
avoid the use of SSL, and thus export restrictions.

Someone would have to think about possible attacks involving
a bogus server.
Received on Friday, 5 December 1997 10:37:24 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:04 EDT