Re: APOP - authentication..

Roy said, commenting on Peter's mail:
] >
] > Various digest proposals have been proposed as weak subsets of SHTTP..
] > APOP is an existing standard. ...
]
] for transfer of mail, yes.  So?  You still have to translate the APOP
] authentication to an HTTP syntax.  All I am saying is that you might as
] well translate it into the Digest syntax, since there is zero chance
] of it being implemented in HTTP clients otherwise.

I'm waiting on the revised Digest I-D before forming an opinion on this 
one. We don't implement what was in the old version of  the I-D on 
Digest, and so we wouldn't have a problem choosing either. If there are 
lots of people implementing the old version, then we'd be swayed by the 
difficulty of their changing, all other things being equal (like degree 
of simplicity and level of security). But the ability to reuse 
mechanism between our POP3 server and HTTP server (even after 
translating to HTTP syntactical form) would be attractive.

Paul

Received on Tuesday, 20 February 1996 13:29:10 UTC