- From: Owen Rees <rtor@ansa.co.uk>
- Date: Mon, 20 Mar 1995 17:35:34 +0000
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
"Phillip M. Hallam-Baker" <hallam@dxal18.cern.ch> writes: > The problem is not just that the information is passed en-clair. Mallet > is able to bypass the authentication system so that he has greater > access than that of a pure passive lisner. Mallet may have been able to fool Alice into accessing her email on Bob's server, thus making it visible to anyone watching the traffic between Alice and Bob, but it is not clear that Mallet can do more than this unless there is some problem hidden in the words "uri sans proxy/routing" which lets Mallet fool Alice into using him as a proxy to Bob. To put himself in the access path, the problem for Mallet is to construct a URI which causes Alice to send the request to Mallet with a digest that contains a requested URI that Bob will honour. It is not clear how Mallet can do this unless Alice is happy to adopt an arbitrary proxy. Regards, Owen Rees <rtor@ansa.co.uk> Information about ANSA is at <URL:http://www.ansa.co.uk/>.
Received on Monday, 20 March 1995 09:46:11 UTC