W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

RE: Some comments on Digest Auth

From: Dave Kristol <dmk@research.bell-labs.com>
Date: Tue, 20 Jan 98 15:59:20 EST
Message-Id: <9801202059.AA27821@aleatory.tempo.bell-labs.com>
To: paulle@microsoft.com
Cc: http-wg@cuckoo.hpl.hp.com
Paul Leach wrote:
  > > [DMK:]
  > > So let me hark back to the discussion of a few weeks ago.  Let's not
  > > try to make Digest do something it was not intended to do.  Let's
  > > hold replay-proof Digest for digest-ng discussions.
  > > 
  > No.
  > 
  > A replayable Digest is just as bad as Basic.

Let me say the same thing differently:  A replayable Digest is no worse
than Basic.  And it has the merit that it eliminates cleartext passwords.
That's all we were trying to do.

Dave Kristol
Received on Tuesday, 20 January 1998 13:01:45 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:11 EDT