- From: Phillip M. Hallam-Baker <hallam@ai.mit.edu>
- Date: Tue, 16 Dec 1997 22:14:45 -0500
- To: rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
As the person who orginially proposed digest I have a few comments:
1) The spec has been arround for three years, people who have built
up large databases of non system passwords hardly deserve much
consideration. In any case passwords should be changed regularly,
shaddow the damn database.
1a) If you are using Kerberos the last thing you want is BASIC
authentication...
2) The purpose was to prevent the need to EVER send passwords
over the net in the clear, not to provide cast iron security.
The problem with BASIC is that pinheads chose the same password
for their Financial times subscription as their office computer account.
If I can snoop a companies external traffic for BASIC passwords I can
probably use this for an attack.
3) It is astonishing how people will tolerate the incredibly broken (BASIC)
and simultaneously spend their time inventing new hoops for attempts to
provide a fix. I stopped adding whistles and bells when people told me
they were concerned about the difficulty of implementing it.
4) The idea of password based authentication is inherently flawed. If
one is going to use public key, certificates are the means to establish
identity. Sending passwords to an untrustworthy server does not solve
the 'pinhead' problem.
Phill
Received on Tuesday, 16 December 1997 19:18:31 UTC