- From: Jim Whitehead <ejw@ics.uci.edu>
- Date: Thu, 8 Jan 1998 10:54:11 -0800
- To: "http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com" <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>

On Thursday, January 08, 1998 9:13 AM, Jim Gettys [SMTP:jg@pa.dec.com] wrote:

*snip*

>
> Getting Digest done sooner rather than later will greatly reduce
> the long term interoperability problems we'll have to get passwords
> in the clear off the Internet, and allow us all to focus on the
> password setting problem with more breathing room...
>
> So I'm all for message integrity, but if I have to choose one or the
> other (password safety), I'd settle for password safety. The discussion
> I'm seeing though, makes me think we may be able to have both...

Let me add my voice to those calling for limiting digest authentication to its original intent, *authentication*. There is a clear and present need for non-cleartext passwords, and implementors appear willing to commit Digest authentication to code. Let us move forward on this, and move message integrity concerns to a separate specification.

- Jim

Received on Thursday, 8 January 1998 11:07:38 UTC