Re: still more Digest Authentication comments

According to Eric W. Sink:
> >>HTTP already uses MIME-64 encoding for converting octects to characters;
> >>I'd suggest that re-using the same encoding scheme would make sense
> >>(since servers are likely to include the code already, and it's also
> >>more compact that 4bits->1octect encoding).
> >
> >I agree. (and not just because its only a single line change in my code :-)
> >
> >MD5s are recognisable as base64 objects. Base16 is still appropriate for the
> >likes of timestamps and such though since they are genuinely numbers
> >rather than
> >blocks of random bits.
> I disagree.  I think the choice of base64 vs. base16 is purely arbitrary,
> since the space savings is hardly significant.  John Franks has already
> implemented Digest using base16 in his WN server.  Spyglass has already
> implemented Digest using base16 in our client, which is shipping.  My
> understanding is that Netscape has implemented Digest using base16 for a
> future release of their server.
> I see no compelling reason to change to base64.

I agree with Eric.  It is simpler and easier to implement base16. 
All else being equal Simple is Better.

John Franks

Received on Wednesday, 22 March 1995 12:46:47 UTC