Re: still more Digest Authentication comments

> 
> >>HTTP already uses MIME-64 encoding for converting octects to characters;
> >>I'd suggest that re-using the same encoding scheme would make sense
> >>(since servers are likely to include the code already, and it's also
> >>more compact that 4bits->1octect encoding).
> >
> >I agree. (and not just because its only a single line change in my code :-)
> >
> >MD5s are recognisable as base64 objects. Base16 is still appropriate for the
> >likes of timestamps and such though since they are genuinely numbers
> >rather than
> >blocks of random bits.
> 
> I disagree.  I think the choice of base64 vs. base16 is purely arbitrary,
> since the space savings is hardly significant.  John Franks has already
> implemented Digest using base16 in his WN server.  Spyglass has already
> implemented Digest using base16 in our client, which is shipping.  My
> understanding is that Netscape has implemented Digest using base16 for a
> future release of their server.
> 
> I see no compelling reason to change to base64.

This is not the first use of something like MD5 authentication
in Internet protocols (i.e. APOP in POP3) ... are there precidents
from other RFCs?



-- 
    Albert Lunde                      Albert-Lunde@nwu.edu

Received on Wednesday, 22 March 1995 13:19:53 UTC