W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2001

RE: Digest Authentication

From: Jim Whitehead <ejw@cse.ucsc.edu>
Date: Mon, 22 Oct 2001 17:04:48 -0700
To: <mtimmerm@opentext.com>, "'Phillip Hallam-Baker'" <hallam@ai.mit.edu>, "'Dylan Barrell'" <dbarrell@opentext.com>, "'WebDAV'" <w3c-dist-auth@w3.org>
Message-ID: <AMEPKEBLDJJCCDEJHAMIIEJLDJAA.ejw@cse.ucsc.edu>
Let me note that the DAV WG was never given the mandate to develop new
authentication schemes, and we never wanted to.

There is widespread agreement that Digest has many drawbacks. Yet, as a
protocol specifier, I currently do not have an open protocol specification
free of IP restrictions that gives a more secure solution than Digest for
use with HTTP.

I, personally, have no interest in working on such a thing.

But, I know there are many people who are very interested in seeing a better
authentication scheme developed.

So, how much pain does this represent? Enough to start a working group to
develop a better alternative to Digest?

If so, I am more than happy to work with interested parties to get a
birds-of-a-feather (BOF) meeting scheduled on this topic at the next IETF,
and to help you with the process of forming a new working group.

- Jim
Received on Monday, 22 October 2001 20:08:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:58 GMT