W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Digest mess

From: John C. Mallery <jcma@ai.mit.edu>
Date: Wed, 17 Dec 1997 05:03:49 GMT
Message-Id: <199712171047.KAA03310@cuckoo.hpl.hp.com>
To: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Cc: rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Yea, and now Internet Explorer 4.0 has broken their digest implementation
form 3.0. Of course, netscape doesn't do digests.

Of course, digests never authenticated the transaction and return codes,
leaving them vulnerable to man-in-the-middle attacks.

Quite the mess.

A couple of simple fixes and this would be very useful.

What gives?
Received on Wednesday, 17 December 1997 02:49:52 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:05 EDT