- From: Eric W. Sink <eric@rafiki.spyglass.com>
- Date: Wed, 03 Jan 1996 09:49:40 -0600
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

I'd like to welcome new contributors to the discussion on Digest authentication, and give you a bit of history behind this proposed authentication mechanism.

Digest was conceived with a very simple purpose, to meet a need for Spyglass and one of its partners. The goal was to design a simple mechanism for authentication using a shared secret password, but make it somewhat stronger than Basic authentication. For all practical purposes, sending a uuencoded password is just like sending it in the clear, right?

Digest definitely has holes and limitations. We did not set out to design a Great authentication scheme. We set out to design a Better authentication scheme. Since doing so, I've noticed a great deal of interest in designing a Great authentication scheme, and the Digest drafts tend to act as a magnet for that interest.

I'd like to suggest that if this group thinks a Great auth scheme should be part of the HTTP protocol, then I think a subgroup should design one, but call it something other than Digest.

If the group thinks that Digest is adequate for inclusion in the protocol, then it is certainly available. We would appreciate it if you did not change Digest in a non-compatible fashion. There are a number of shipping implementations of this scheme now, and if this group adopts any scheme which is called Digest, then I would like to ensure that those implementations interoperate with whatever comes out.

--
Eric W. Sink
eric@spyglass.com

Received on Wednesday, 3 January 1996 07:47:52 UTC