W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

Re: Digest mess

From: Phillip M. Hallam-Baker <hallam@ai.mit.edu>
Date: Thu, 8 Jan 1998 12:32:23 -0500
To: Jim Gettys <jg@pa.dec.com>, "David W. Morris" <dwm@xpasc.com>
Cc: Jim Gettys <jg@pa.dec.com>, Paul Leach <paulle@microsoft.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, Scott Lawrence <lawrence@agranat.com>
Message-Id: <01bd1c5b$60fb5e50$06060606@russell>
Jim writes,

>Getting Digest done sooner rather than later will greatly reduce
>the long term interoperability problems we'll have to get passwords
>in the clear off the Internet, and allow us all to focus on the
>password setting problem with more breathing room...

I agree entirely with Jim. We are attempting to solve a very
limited problem here. Digest was never intended to be more
than a minimal replacement for Basic. It was intended as an
interim measure to fill a major security holde while transaction 
layer security was developed. As it happened transport layer 
security has been successful.

I don't think it is worthwhile attempting to extend digest further.
The advantages of an extended digest scheme are unlikely
to compete with SSL or TLS and in any case cannot provide
the critical advantage of a transaction layer system - message
level non-repudiation.

Ongoing work in the S/MIME group leads me to believe that
this represents the logical platform of choice for transaction
layer security.


                Phill
Received on Thursday, 8 January 1998 09:38:48 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:10 EDT