- From: Peter J Churchyard <pjc@trusted.com>
- Date: Tue, 20 Feb 1996 14:39:33 -0500 (EST)
- To: pjc <pjc@hilo.trusted.com>
- Cc: NED@innosoft.com, rtor@ansa.co.uk, fielding@avron.ICS.UCI.EDU, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
RFC1734 (POP3 AUTHentication command) Does not map onto http very well. WWW-Auth/Authorization already provides the basic framework. I apologise if this is not what you were talking about and were discussing replaceing 1725's APOP with 1734. In an http context 1734 uses several client - authpoint handshakes which does not easily fit into http. As a firewall proxy implementor APOP has a very useful attribute. If the firewall can auth the user, then the firewall can use the same info to authenticate with an APOP server. APOP is one of the few existing mechanisms that allow this and yet are strong. Pete. -- The TIS Network Security Products Group has moved! voice: 301-527-9500 x123 fax: 301-527-0482 2277 Research Boulevard, 5th Floor, Rockville, MD 20850
Received on Tuesday, 20 February 1996 13:34:53 UTC