- From: Hallam-Baker <hallam@ai.mit.edu>
- Date: Tue, 15 Apr 1997 18:41:18 -0400 (EDT)
- To: Daniel DuBois <dan@spyglass.com>
- Cc: http-wg@cuckoo.hpl.hp.com
Please, SSL has nothing to do with Digest Authentication. It is not a replacement unless you believe that every password protected page should also be encrypted. The purpose of Digest is to allow people to stop using BASIC as soon as possible. Nothing else. SSL essentially defines a new protocol and a pretty complex one at that. SSL unfortunately provides a relatively weak form of security. It is great if your definition of security is the use of cryptography. It has no real model of how it should interact with firewalls for example - nobody sends encrypted data through the firewalls I have experience with, that is part of their purpose. Nor can data from an SSL transaction be cached by an intermediary. Phill
Received on Tuesday, 15 April 1997 15:43:15 UTC