- From: <jg@zorch.w3.org>
- Date: Wed, 28 Aug 96 09:35:05 -0400
- To: Lou Montulli <montulli@netscape.com>
- Cc: Michael Smith <ms@gf.org>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Lou Montulli writes: > Why would you ever want to use digest if you already have > certificate support? I think at least one reason is clear: Lack of export control hassles on hashing for authentication. This means we can make it universal, and stop passwords in the clear world-wide. And as the #1 (and I think #2) servers on the Internet are Apache and NCSA, which have no solution to the export problem available to them (as I understand it, the Apache folks had their arms twisted to even remove hooks for stronger forms of encryption or authentication), this is a Big Issue. It is far from clear to me that certificate support is universally available as a result of this action of the government. Even if the code were available worldwide, it can't just get dropped into a server distribution. - Jim Gettys
Received on Wednesday, 28 August 1996 06:37:23 UTC