- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Mon, 06 Oct 2014 19:44:51 +1300
- To: ietf-http-wg@w3.org

On 6/10/2014 7:07 p.m., Willy Tarreau wrote:
> On Sun, Oct 05, 2014 at 12:37:11PM -0400, Michael B Allen wrote:
>> Could it be that the reason NTLM is still so popular is *because*
>> it's stateful?
>
> No, simply because users don't have to enter a password a second
> time, that's the *only* argument that was given to me by people who
> break their network with it. It exists, is convenient, and is safe
> *enough* for what admins think their network looks like.

FYI, I have seen one other re-occurring "reason". That NTLM can be used
even by machines not attached to the domain.

Apparently they like the fact that it degrades silently down to an 8-bit
encoding wrapper around username+password auth. A little different
from Basic in ways that make it far less secure.

Amos

Received on Monday, 6 October 2014 06:45:36 UTC