W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Proposal for new HTTP 1.1 authentication scheme

From: Albert Lunde <albert-lunde@nwu.edu>
Date: Fri, 05 Dec 1997 12:34:48 CST
Message-Id: <199712051835.AA280336899@hplb.hpl.hp.com>
To: Eric_Houston/CAM/Lotus@lotus.com
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4850
> I was hoping to polish this proposal a little more before floating it
> externally, but alas, with the meeting on Monday, time did not permit.  I
> hope that I have at least stated my perspective well enough to stimulate
> discussion.

This sounda a lot like the old expired draft:

"Mediated Digest Authentication"

I wonder if you could do this all with one-way keyed hash functions, and
avoid the use of SSL, and thus export restrictions.

Someone would have to think about possible attacks involving
a bogus server.
Received on Friday, 5 December 1997 10:37:24 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:21 UTC