W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Digest mess

From: John C. Mallery <jcma@ai.mit.edu>
Date: Wed, 17 Dec 1997 05:03:49 GMT
Message-Id: <199712171047.KAA03310@cuckoo.hpl.hp.com>
To: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Cc: rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4986

Yea, and now Internet Explorer 4.0 has broken their digest implementation
form 3.0. Of course, netscape doesn't do digests.

Of course, digests never authenticated the transaction and return codes,
leaving them vulnerable to man-in-the-middle attacks.

Quite the mess.

A couple of simple fixes and this would be very useful.

What gives?

Received on Wednesday, 17 December 1997 02:49:52 UTC

This message: [ Message body ]
Next message: Andy Norman: "Administrivia: http-wg mailing list outage"
Previous message: Randy Turner: "Re: Digest mess"
Maybe in reply to: Roy T. Fielding: "Digest mess"
Next in thread: Scott Lawrence: "Re: Digest mess"
Reply: Scott Lawrence: "Re: Digest mess"
Reply: John Franks: "Re: Digest mess"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:16:29 UTC