RE: Digest Authentication

Alan Kent writes:
> Bottom line is that I think that WebDAV does not need to specify
> a security scheme - it can just say to use normal HTTP security
> methods. It seems like an orthogonal issue to WebDAV to me.

The diversity of WebDAV deployment scenarios was one of the key drivers
behind RFC 2518 *not* mandating the *use* of a particular authentication
mechanism.  RFC 2518 merely states that implementations MUST implement
Digest, not that they must use it.

But, I believe Dylan is saying that the requirement to implement Digest is
causing his server to store passwords in the clear, and hence implementing
Digest (even if it isn't used) is causing him problems.

- Jim

Received on Tuesday, 16 October 2001 20:48:08 UTC