- From: <jg@zorch.w3.org>
- Date: Thu, 19 Sep 96 15:16:34 -0400
- To: Alan Freier <freier@netscape.com>
- Cc: w3c-dist-auth@w3.org, Phil Karlton <karlton@netscape.com>
I agree with Alan; the biggest issue here as little to do with MD5 itself, which Ron Rivest thought it was ok for the purpose it is being used for in Digest authentication. But dealing with the political fallout as such attacks happen again and again is diverting from HTTP itself; we don't have the expertise here, and had better leverage the rest of the community that has to fight that battle (and can fight it better than we can, with real expertise). So having someone else run interference on the issues is the way for HTTP to be able to evolve without getting sidetracked again and again into the firedrill of the day and people who don't want things deployed for whatever reason. (and not just commercial reasons; the web has spilled into the point of international politics y of all sorts). - Jim
Received on Thursday, 19 September 1996 15:16:53 UTC