W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2001

RE: Digest Authentication

From: Clemm, Geoff <gclemm@rational.com>
Date: Tue, 16 Oct 2001 11:46:53 -0400
Message-ID: <3906C56A7BD1F54593344C05BD1374B103F8ACB0@SUS-MA1IT01>
To: WebDAV <w3c-dist-auth@w3.org>
Are you sure you are not confusing digest authentication with basic
authentication?  With digest authentication, a server only needs to
expose its passwords in a cryptographically secure hash-coded form.

Cheers,
Geoff

-----Original Message-----
From: Dylan Barrell [mailto:dbarrell@opentext.com]
Sent: Tuesday, October 16, 2001 11:13 AM
To: WebDAV
Subject: Digest Authentication


I would like to propose a small change to the webDAV specification.

Digest Authentication requires that a server store its passwords in such a
way that they be available in clear text format.

Our experience with our customers has shown that this is TOTALLY
UNACCEPTABLE.

As a result, we will not be able to implement digest authentication in our
webDAV server.

I would like to propose that the Digest Authentication requirement be
demoted from mandatory to optional.

--Dylan
Received on Tuesday, 16 October 2001 11:47:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:58 GMT