W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Digest mess

From: John C. Mallery <jcma@ai.mit.edu>
Date: Wed, 17 Dec 1997 05:03:49 GMT
Message-Id: <199712171047.KAA03310@cuckoo.hpl.hp.com>
To: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Cc: rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4986
Yea, and now Internet Explorer 4.0 has broken their digest implementation
form 3.0. Of course, netscape doesn't do digests.

Of course, digests never authenticated the transaction and return codes,
leaving them vulnerable to man-in-the-middle attacks.

Quite the mess.

A couple of simple fixes and this would be very useful.

What gives?
Received on Wednesday, 17 December 1997 02:49:52 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:21 UTC