- From: John C. Mallery <jcma@ai.mit.edu>
- Date: Wed, 17 Dec 1997 05:03:49 GMT
- To: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
- Cc: rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Yea, and now Internet Explorer 4.0 has broken their digest implementation form 3.0. Of course, netscape doesn't do digests. Of course, digests never authenticated the transaction and return codes, leaving them vulnerable to man-in-the-middle attacks. Quite the mess. A couple of simple fixes and this would be very useful. What gives?
Received on Wednesday, 17 December 1997 02:49:52 UTC