Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS"

On Tue, Dec 30, 2014 at 5:26 PM, Eric J. Bowman <eric@bisonsystems.net> wrote:

>> TLS is the transport layer security protocol we have. It is widely
>> supported and deployed.
>
> So is HTTP-Digest. Whether content is encrypted or not, Authentication
> headers seem a better solution to me than HTTPS-secured cookies.

Please explain how HTTP-Digest is robust against active network
attackers tampering with the HTTP requests and responses (including
both headers and bodies).

Received on Wednesday, 31 December 2014 01:30:37 UTC