W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2001

RE: Digest Authentication

From: Dylan Barrell <dbarrell@opentext.com>
Date: Tue, 23 Oct 2001 09:34:57 -0400
To: "Phillip Hallam-Baker" <hallam@ai.mit.edu>, "'WebDAV'" <w3c-dist-auth@w3.org>, "'Lisa Dusseault'" <lisa@xythos.com>
Message-ID: <NEBBIBDBCLDPAGPIKGMCKEKBEEAA.dbarrell@opentext.com> 


> The excuses given for not supporting digest were unconvincing. You
> have an application that is not HTTP 1.1 compliant, so fix the thing.

Phillip - show me the arguments against - other than the fact that policy is
against it. For all I care, we can make NTLM authentication mandatory as
this does not have the drawbacks that Digest does. Or otherwise make SSL
mandatory. Digest authentication has ramifications for a server that are
UNACCEPTABLE in the real world. I am talking about 5 million users of our
product here - not one or two! I am talking about global 2000 companies! I
am talking about REAL objections that we face EVERY DAY at our customers!
This is not some academic discussion - this is the real world!

--Dylan
Received on Tuesday, 23 October 2001 09:36:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:58 GMT