- From: Ned Freed <NED@innosoft.com>
- Date: Tue, 20 Feb 1996 11:48:47 -0800 (PST)
- To: Peter J Churchyard <pjc@trusted.com>
- Cc: pjc@hilo.trusted.com, NED@innosoft.com, rtor@ansa.co.uk, fielding@avron.ICS.UCI.EDU, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> Does not map onto http very well. WWW-Auth/Authorization already provides > the basic framework. I apologise if this is not what you were talking about > and were discussing replaceing 1725's APOP with 1734. It is not what I was talking about. I was talking about APOP in POP3, not APOP in HTTP, here. I understand that AUTH doesn't map into HTTP very well, nor was I suggesting that it be so mapped. > As a firewall proxy implementor APOP has a very useful attribute. If the > firewall can auth the user, then the firewall can use the same info to > authenticate with an APOP server. APOP is one of the few existing mechanisms > that allow this and yet are strong. You still have not explained why APOP is superior to digest authentication in any way. You are going to have to address this if you expect this proposal to go anywhere. The ability to use a shared secret in multiple contexts is always an option regardless of the specifics of the scheme, and thus is not an advantage unique to APOP. Ned
Received on Tuesday, 20 February 1996 13:38:00 UTC