Re: RFC1734

RFC1734 (POP3 AUTHentication command)

Does not map onto http very well. WWW-Auth/Authorization already provides
the basic framework. I apologise if this is not what you were talking about
and were discussing replaceing 1725's APOP with 1734.

In an http context 1734 uses several client - authpoint handshakes
which does not easily fit into http.

As a firewall proxy implementor APOP has a very useful attribute. If the
firewall can auth the user, then the firewall can use the same info to
authenticate with an APOP server. APOP is one of the few existing mechanisms
that allow this and yet are strong.

The TIS Network Security Products Group has moved!
voice: 301-527-9500 x123 fax: 301-527-0482
2277 Research Boulevard, 5th Floor, Rockville, MD 20850

Received on Tuesday, 20 February 1996 13:34:53 UTC