W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2001

RE: Digest Authentication

From: Jim Whitehead <ejw@cse.ucsc.edu>
Date: Tue, 16 Oct 2001 17:44:21 -0700
To: "WebDAV" <w3c-dist-auth@w3.org>
Message-ID: <AMEPKEBLDJJCCDEJHAMIGECBDJAA.ejw@cse.ucsc.edu>
Alan Kent writes:
> Bottom line is that I think that WebDAV does not need to specify
> a security scheme - it can just say to use normal HTTP security
> methods. It seems like an orthogonal issue to WebDAV to me.

The diversity of WebDAV deployment scenarios was one of the key drivers
behind RFC 2518 *not* mandating the *use* of a particular authentication
mechanism.  RFC 2518 merely states that implementations MUST implement
Digest, not that they must use it.

But, I believe Dylan is saying that the requirement to implement Digest is
causing his server to store passwords in the clear, and hence implementing
Digest (even if it isn't used) is causing him problems.

- Jim
Received on Tuesday, 16 October 2001 20:48:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:58 GMT