RE: Digest Authentication

Are you sure you are not confusing digest authentication with basic
authentication?  With digest authentication, a server only needs to
expose its passwords in a cryptographically secure hash-coded form.

Cheers,
Geoff

-----Original Message-----
From: Dylan Barrell [mailto:dbarrell@opentext.com]
Sent: Tuesday, October 16, 2001 11:13 AM
To: WebDAV
Subject: Digest Authentication


I would like to propose a small change to the WebDAV specification.

Digest Authentication requires that a server store its passwords in such a
way that they be available in clear text format.

Our experience with our customers has shown that this is TOTALLY
UNACCEPTABLE.

As a result, we will not be able to implement digest authentication in our
WebDAV server.

I would like to propose that the Digest Authentication requirement be
demoted from mandatory to optional.

--Dylan

Received on Tuesday, 16 October 2001 11:47:34 UTC
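
As an added example (not part of the original thread): a minimal Python sketch of the RFC 2617 digest check with qop=auth, in which the server stores only H(A1) = MD5(username:realm:password) and never the cleartext password. The function names, the in-memory store and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def make_ha1(username, realm, password):
    """Value stored at enrolment: H(A1) = MD5(username:realm:password)."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1, method, f):
    """request-digest for qop=auth (RFC 2617 section 3.2.2.1)."""
    ha2 = md5_hex(f"{method}:{f['uri']}")
    return md5_hex(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:auth:{ha2}")


def server_verify(store, realm, method, f):
    """Server side: looks up the stored H(A1); the password is never needed.
    A real server must also confirm that it issued the nonce and track nc."""
    ha1 = store.get((f["username"], realm))
    if ha1 is None:
        return False
    return hmac.compare_digest(digest_response(ha1, method, f), f["response"])


# Constructed sample data, modelled on the example in RFC 2617 section 3.5.
REALM = "testrealm@host.com"
STORE = {("Mufasa", REALM): make_ha1("Mufasa", REALM, "Circle Of Life")}


def sample_request(password, username="Mufasa"):
    """Client side: derives the response from the password the user typed."""
    f = {"username": username, "uri": "/dir/index.html",
         "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
         "nc": "00000001", "cnonce": "0a4f113b"}
    f["response"] = digest_response(make_ha1(username, REALM, password), "GET", f)
    return f


if __name__ == "__main__":
    print(server_verify(STORE, REALM, "GET", sample_request("Circle Of Life")))
    print(server_verify(STORE, REALM, "GET", sample_request("wrong guess")))
```

The stored H(A1) is enough to compute valid responses for its realm, so the credential store needs the same protection as a password file (RFC 2617 section 4.13).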