- From: Phillip M. Hallam-Baker <hallam@ai.mit.edu>
- Date: Tue, 16 Dec 1997 22:14:45 -0500
- To: rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
As the person who originally proposed digest I have a few comments:

1) The spec has been around for three years; people who have built up large databases of non-system passwords hardly deserve much consideration. In any case passwords should be changed regularly, shadow the damn database.

1a) If you are using Kerberos the last thing you want is BASIC authentication...

2) The purpose was to prevent the need to EVER send passwords over the net in the clear, not to provide cast-iron security. The problem with BASIC is that pinheads chose the same password for their Financial Times subscription as their office computer account. If I can snoop a company's external traffic for BASIC passwords I can probably use this for an attack.

3) It is astonishing how people will tolerate the incredibly broken (BASIC) and simultaneously spend their time inventing new hoops for attempts to provide a fix. I stopped adding whistles and bells when people told me they were concerned about the difficulty of implementing it.

4) The idea of password-based authentication is inherently flawed. If one is going to use public key, certificates are the means to establish identity. Sending passwords to an untrustworthy server does not solve the 'pinhead' problem.

Phill
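Points 1) and 2) above, as an added illustration (not code from the message or from the HTTP working group): the Digest computation of RFC 2069, the version current in 1997, with no qop. The server keeps only H(A1) (the "shadowed" credential) and verifies from that, the password never appears in the Authorization fields, while a Basic header decodes straight to the password. The realm, nonce, account and the Basic header are constructed sample values.

```python
import base64
import hashlib
import hmac

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()

def digest_ha1(username: str, realm: str, password: str) -> str:
    # H(A1) = MD5(username:realm:password). A server can store this instead of
    # the password ("shadow the database"): it is all that is needed to verify.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    # RFC 2069 form (no qop): response = MD5(H(A1):nonce:H(A2)), H(A2) = MD5(method:uri)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def client_authorization(username, realm, password, method, uri, nonce) -> dict:
    # Every field the client puts in the Authorization header. The password is
    # hashed locally and is not present in any of them.
    ha1 = digest_ha1(username, realm, password)
    return {"username": username, "realm": realm, "nonce": nonce, "uri": uri,
            "response": digest_response(ha1, method, uri, nonce)}

def server_verify(ha1_store: dict, issued_nonces: set, method: str, auth: dict) -> bool:
    # The server recomputes the response from its stored H(A1) only; it never
    # needs, and never learns, the cleartext password.
    if auth["nonce"] not in issued_nonces:
        return False  # nonce the server never issued: replayed or forged
    ha1 = ha1_store.get((auth["username"], auth["realm"]))
    if ha1 is None:
        return False
    expected = digest_response(ha1, method, auth["uri"], auth["nonce"])
    return hmac.compare_digest(expected, auth["response"])

def basic_credentials_on_wire(header: str) -> tuple:
    # For contrast: a Basic header is only base64, so whoever sees the request
    # sees the password, and, per the message, every other account that reuses it.
    user, password = base64.b64decode(header.split(" ", 1)[1]).decode().split(":", 1)
    return user, password

# Constructed sample values (not taken from the message).
REALM = "subscribers@example.com"
NONCE = "constructed-nonce-1997"
CAPTURED_BASIC_HEADER = "Basic dXNlcjpwYXNz"  # base64("user:pass")

def demo(password_tried: str = "hunter2") -> bool:
    # Server enrolled "alice" with password "hunter2" and stores only H(A1).
    store = {("alice", REALM): digest_ha1("alice", REALM, "hunter2")}
    auth = client_authorization("alice", REALM, password_tried, "GET", "/issue/1", NONCE)
    return server_verify(store, {NONCE}, "GET", auth)
```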
Received on Tuesday, 16 December 1997 19:18:31 UTC