- From: Phillip M. Hallam-Baker <hallam@w3.org>
- Date: Tue, 16 Jan 96 22:33:54 -0500
- To: masinter@parc.xerox.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> 1- Submit as Proposed standard as part of HTTP/1.1
> 2- Submit as Proposed standard as a separate document
> 3- Submit as Informational, as part of HTTP/1.0
> 4- Submit as Informational, as a separate document
> 5- Don't handle as part of IETF
>
> The problem with options 1 and 2 is whether such Proposed Standards
> would have a chance of actually making it to Standard without change.
> I don't think this will work out: the standards track really does
> require us to propose solutions that don't have major holes, and if
> we're not interested in fixing the known problems, trying to move
> along standards track is inappropriate.

Sorry for the delay in replying to the above; for some reason movement in this area always seems to happen while I'm on my Xmas hols.

The problem I have with Larry's argument is that a logical consequence would be to REMOVE the existing BASIC scheme entirely. That has been my main concern all along. Basic authentication is the worst sort of security scheme - it prejudices other schemes. It is a trivial matter to write a sniffer and collect plenty of BASIC authentication passwords, many of which will be used for access to other systems.

While I sympathise with Alan's comments suggesting improvements to DIGEST, my problem is how to persuade people to stop providing a non-solution as fast as possible.

I propose that we accept the following proposals:-

1) Adding an algorithm parameter.

2) Describe in detail the construction of nonces. Here there are a number of tricks already in use which ensure that a nonce is only valid for requests coming from a single TCP/IP address.

The problem with the suggestion to sign headers is that it requires the wrapping of a message. While I am in favour of such an approach I don't think I can get people to implement it :-(

I'm looking at Alan's other proposals. What I want to avoid is having Digest stalled on the next great security solution which has not yet been coded. I consider it to have been a mistake to leave it out of HTTP/1.0.

I would have preferred to see BASIC omitted. I certainly reject Larry's claim that Digest does not add any appreciable security over Basic. This is very definitely NOT the case. The IETF has a very long history of blowing security by insisting that any proposed improvement over no security be perfect security. It has generally meant that the installed userbase has become fixed before perfection is achieved and hence we are left with SMTP, Telnet, NNTP and other hacker havens.

--
Phillip M. Hallam-Baker
Not speaking for anyone else
hallam@w3.org
http://www.w3.org/hypertext/WWW/People/hallam.html
Information Superhighway -----> Hi-ho! Yow! I'm surfing Arpanet!
Received on Wednesday, 17 January 1996 02:12:52 UTC
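The message above makes two technical points without code: Basic credentials are trivially recovered by anyone who can sniff the connection, and a Digest nonce can be constructed so that it is only valid for requests from a single client address. The following added example (written for this archive page, not code from the original message, the Digest draft of the time, or any RFC) shows one way to do both: a nonce built as base64(timestamp ":" HMAC(server-key, timestamp ":" client-IP)) that fails verification when replayed from another address or after a lifetime, the RFC 2069-style response computation MD5(H(A1) ":" nonce ":" H(A2)) for comparison, and a decoder that shows how little a Basic header hides. The server key, the 300-second lifetime, the nonce layout and all function names are illustrative assumptions.

```python
"""Added example: an IP-bound Digest-style nonce, the Digest response
computation, and a Basic-auth decoder. Nonce layout, key, lifetime and
names are assumptions made for this illustration."""
import base64
import hashlib
import hmac
import time
from typing import Optional, Tuple

# Assumption: a server-side secret that never leaves the server.
SERVER_KEY = b"example-private-key-change-me"
NONCE_LIFETIME = 300  # seconds a nonce stays valid (assumed policy)


def make_nonce(client_ip: str, now: Optional[int] = None) -> str:
    """Nonce = base64(timestamp ":" HMAC(key, timestamp ":" client_ip)).

    The HMAC covers the client's address, so a nonce sniffed on the wire
    and replayed from a different TCP/IP address does not verify."""
    ts = int(time.time()) if now is None else now
    mac = hmac.new(SERVER_KEY, f"{ts}:{client_ip}".encode(),
                   hashlib.sha256).hexdigest()
    return base64.b64encode(f"{ts}:{mac}".encode()).decode()


def check_nonce(nonce: str, client_ip: str, now: Optional[int] = None) -> bool:
    """Accept only a nonce issued to this client IP that is still fresh."""
    try:
        ts_str, mac = base64.b64decode(nonce).decode().split(":", 1)
        ts = int(ts_str)
    except ValueError:  # bad base64, bad UTF-8, missing ':' or non-integer
        return False
    expected = hmac.new(SERVER_KEY, f"{ts}:{client_ip}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False  # different IP, different key, or tampered nonce
    current = int(time.time()) if now is None else now
    return 0 <= current - ts <= NONCE_LIFETIME


def digest_response(username: str, realm: str, password: str,
                    method: str, uri: str, nonce: str) -> str:
    """RFC 2069-style response: MD5(H(A1) ":" nonce ":" H(A2)).

    The password never appears on the wire; only this hash does, and it is
    bound to the nonce, so a sniffed value is useless once the nonce is."""
    def md5(s: str) -> str:
        return hashlib.md5(s.encode()).hexdigest()
    ha1 = md5(f"{username}:{realm}:{password}")
    ha2 = md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{ha2}")


def basic_credentials(authorization_header: str) -> Optional[Tuple[str, str]]:
    """What a sniffer gets from a Basic header: the plaintext password,
    since base64 is an encoding, not a secret."""
    scheme, _, value = authorization_header.partition(" ")
    if scheme.lower() != "basic":
        return None
    user, _, pw = base64.b64decode(value).decode().partition(":")
    return user, pw


if __name__ == "__main__":
    # Constructed sample: issue a nonce to one address, replay from another.
    issued = make_nonce("192.0.2.10", now=1000)
    print("same client, fresh  :", check_nonce(issued, "192.0.2.10", now=1100))
    print("other client        :", check_nonce(issued, "198.51.100.7", now=1100))
    print("same client, expired:", check_nonce(issued, "192.0.2.10", now=1400))
    print("digest response     :", digest_response(
        "alice", "example", "s3cret", "GET", "/dir/index.html", issued))
    print("basic header yields :", basic_credentials("Basic YWxpY2U6czNjcmV0"))
```

The IP binding is only as good as the address the server sees: clients behind the same NAT or proxy share one address, and an attacker on the same segment who can sniff the nonce can usually spoof the source address too, which is why the message treats this as one of several tricks rather than a complete answer.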