RE: Digest mess

On Thursday, January 08, 1998 9:13 AM, Jim Gettys [SMTP:jg@pa.dec.com] 
wrote:

*snip*
>
> Getting Digest done sooner rather than later will greatly reduce
> the long term interoperability problems we'll have to get passwords
> in the clear off the Internet, and allow us all to focus on the
> password setting problem with more breathing room...
>
> So I'm all for message integrity, but if I have to choose one or the
> other (password safety), I'd settle for password safety.  The discussion
> I'm seeing though, makes me think we may be able to have both...

Let me add my voice to those calling for limiting digest authentication to 
its original intent, *authentication*.  There is a clear and present need 
for non-cleartext passwords, and implementors appear willing to commit 
Digest authentication to code.  Let us move forward on this, and move 
message integrity concerns to a separate specification.

- Jim

Received on Thursday, 8 January 1998 11:07:38 UTC