- From: Life is hard, and then you die <ronald@innovation.ch>
- Date: Wed, 2 Aug 2000 08:46:05 -0700
- To: James G Smith <JGSmith@tamu.edu>
- Cc: http-wg@cuckoo.hpl.hp.com
On Wed, Aug 02, 2000 at 09:34:07AM -0500, James G Smith wrote: > I think I recall some mention that security related issues were > not being dealt with by this group, but then I saw the RFC for > Basic and Digest Access Authentication among this groups RFCs... > > If this has been answered already, then a gentle reminder of > where I need to look will be sufficient :P > > +--- > | > | I would like to propose an extension to the HTTP standard to > include yet another authentication scheme. This would allow for > clients to use a third-party URL (third party being not the > client and not the site requiring authentication) to generate the > authentication credentials. [snip] Isn't the algorithm=MD5-sess in Digest auth sufficient? The A1 is basically your ticket. Or maybe I'm missing something. Cheers, Ronald
Received on Wednesday, 2 August 2000 08:52:21 UTC