W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

RE: Digest mess

From: Jim Whitehead <ejw@ics.uci.edu>
Date: Thu, 8 Jan 1998 10:54:11 -0800
Message-Id: <01BD1C23.C0E973C0.ejw@ics.uci.edu>
To: "http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com" <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
On Thursday, January 08, 1998 9:13 AM, Jim Gettys [SMTP:jg@pa.dec.com] 
wrote:

*snip*
>
> Getting Digest done sooner rather than later will greatly reduce
> the long term interoperability problems we'll have to get passwords
> in the clear off the Internet, and allow us all to focus on the
> password setting problem with more breathing room...
>
> So I'm all for message integrity, but if I have to choose one or the
> other (password safety), I'd settle for password safety.  The discussion
> I'm seeing though, makes me think we may be able to have both...

Let me add my voice to those calling for limiting digest authentication to 
its original intent, *authentication*.  There is a clear and present need 
for non-cleartext passwords, and implementors appear willing to commit 
Digest authentication to code.  Let us move forward on this, and move 
message integrity concerns to a separate specification.

- Jim
Received on Thursday, 8 January 1998 11:07:38 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:10 EDT