- From: Phillip M. Hallam-Baker <hallam@ai.mit.edu>
- Date: Thu, 8 Jan 1998 12:32:23 -0500
- To: Jim Gettys <jg@pa.dec.com>, "David W. Morris" <dwm@xpasc.com>
- Cc: Jim Gettys <jg@pa.dec.com>, Paul Leach <paulle@microsoft.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, Scott Lawrence <lawrence@agranat.com>
Jim writes,

>Getting Digest done sooner rather than later will greatly reduce
>the long term interoperability problems we'll have to get passwords
>in the clear off the Internet, and allow us all to focus on the
>password setting problem with more breathing room...

I agree entirely with Jim. We are attempting to solve a very limited problem here.

Digest was never intended to be more than a minimal replacement for Basic. It was intended as an interim measure to fill a major security hole while transaction layer security was developed. As it happened, transport layer security has been successful.

I don't think it is worthwhile attempting to extend digest further. The advantages of an extended digest scheme are unlikely to compete with SSL or TLS and in any case cannot provide the critical advantage of a transaction layer system - message level non-repudiation.

Ongoing work in the S/MIME group leads me to believe that this represents the logical platform of choice for transaction layer security.

Phill

Received on Thursday, 8 January 1998 09:38:48 UTC