W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2001

Digest Authentication

From: Dylan Barrell <dbarrell@opentext.com>
Date: Tue, 16 Oct 2001 11:12:37 -0400
To: "WebDAV" <w3c-dist-auth@w3.org>
Message-ID: <NEBBIBDBCLDPAGPIKGMCMEBCEEAA.dbarrell@opentext.com> 
I would like to propose a small change to the webDAV specification.

Digest Authentication requires that a server store its passwords in such a
way that they be available in clear text format.

Our experience with our customers has shown that this is TOTALLY
UNACCEPTABLE.

As a result, we will not be able to implement digest authentication in our
webDAV server.

I would like to propose that the Digest Authentication requirement be
demoted from mandatory to optional.

--Dylan
Received on Tuesday, 16 October 2001 11:14:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:58 GMT