RE: Digest Authentication from Dylan Barrell on 2001-10-23 (w3c-dist-auth@w3.org from October to December 2001)

From: Dylan Barrell <dbarrell@opentext.com>
Date: Tue, 23 Oct 2001 09:34:57 -0400
To: "Phillip Hallam-Baker" <hallam@ai.mit.edu>, "'WebDAV'" <w3c-dist-auth@w3.org>, "'Lisa Dusseault'" <lisa@xythos.com>
Message-ID: <NEBBIBDBCLDPAGPIKGMCKEKBEEAA.dbarrell@opentext.com>

> The excuses given for not supporting digest were unconvincing. You
> have an application that is not HTTP 1.1 compliant, so fix the thing.

Phillip - show me the arguments against - other than the fact that policy is
against it. For all I care, we can make NTLM authentication mandatory as
this does not have the drawbacks that Digest does. Or otherwise make SSL
mandatory. Digest authentication has ramifications for a server that are
UNACCEPTABLE in the real world. I am talking about 5 million users of our
product here - not one or two! I am talking about global 2000 companies! I
am talking about REAL objections that we face EVERY DAY at our customers!
This is not some academic discussion - this is the real world!

--Dylan

Received on Tuesday, 23 October 2001 09:36:34 UTC