- From: Phillip Hallam-Baker <hallam@gmail.com>
- Date: Wed, 9 Dec 2009 22:11:39 -0500
- To: Anthony Bryan <anthonybryan@gmail.com>
- Cc: Eran Hammer-Lahav <eran@hueniverse.com>, "ietf@ietf.org" <ietf@ietf.org>, "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
Changing the digest algorithm in DIGEST is pointless. If you are going to make changes to align the scheme with modern practice you would replace the digest function with a MAC such as HMAC. But there really is no point in doing that because:

1) Implementations would still be vulnerable to downgrade attacks. This is actually a problem with BASIC continuing to exist.

2) The on-the-wire protocol is subject to a brute-force attack over the space of possible passwords. Unless we can persuade people to use passwords longer than 25 characters, that is going to be the weakest point in the system no matter what the algorithm is.

3) RSA is now out of patent; that was the main constraint on DIGEST, the algorithms had to be unencumbered.

I would be more interested in doing something like using self-signed SSL certs, putting a digest of the cert into the DNS and hoping that DNSSEC is un-doofused some time this century.
Received on Thursday, 10 December 2009 03:12:12 UTC
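As an added illustration of points 1 and 2 above (this code is not from the email, nor from any IETF draft it discusses): the RFC 2617 Digest `response` computed with a pluggable hash, showing that the output stays a deterministic function of the password and on-the-wire values whichever hash is used, plus a hypothetical client-side policy, `choose_scheme`, that refuses to answer a Basic challenge over cleartext so an active downgrade to BASIC fails. The Mufasa test vector is the one published in RFC 2617.

```python
import hashlib


def digest_response(password, username, realm, nonce, method, uri,
                    algorithm="MD5", qop="auth", nc="00000001",
                    cnonce="0a4f113b"):
    """Compute the Digest 'response' field (RFC 2617, qop=auth).

    The hash H is a parameter to make the email's point 2 concrete:
    response = H(HA1 : nonce : nc : cnonce : qop : HA2), where every input
    except the password is visible on the wire. Swapping MD5 for SHA-256
    changes nothing about that structure; password entropy is the bound.
    """
    name = algorithm.lower().replace("-", "")  # "MD5" -> "md5", "SHA-256" -> "sha256"

    def h(s):
        return hashlib.new(name, s.encode()).hexdigest()

    ha1 = h(f"{username}:{realm}:{password}")
    ha2 = h(f"{method}:{uri}")
    return h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def choose_scheme(www_authenticate_headers, over_tls, pinned_digest=False):
    """Hypothetical client policy for point 1 (downgrade resistance).

    Given the WWW-Authenticate values from a 401, return the scheme to
    answer with, or None to refuse. Rules: prefer Digest when offered;
    never send Basic (cleartext password) over a non-TLS connection; and
    if this origin has previously offered Digest (pinned_digest), refuse
    Basic even over TLS, since a sudden Basic-only challenge is the
    downgrade the email warns about.
    """
    schemes = [v.split(None, 1)[0].lower() for v in www_authenticate_headers]
    if "digest" in schemes:
        return "Digest"
    if "basic" in schemes and over_tls and not pinned_digest:
        return "Basic"
    return None
```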