- From: Jim Whitehead <ejw@cse.ucsc.edu>
- Date: Mon, 22 Oct 2001 17:04:48 -0700
- To: <mtimmerm@opentext.com>, "'Phillip Hallam-Baker'" <hallam@ai.mit.edu>, "'Dylan Barrell'" <dbarrell@opentext.com>, "'WebDAV'" <w3c-dist-auth@w3.org>
Let me note that the DAV WG was never given the mandate to develop new authentication schemes, and we never wanted to. There is widespread agreement that Digest has many drawbacks. Yet, as a protocol specifier, I currently do not have an open protocol specification free of IP restrictions that gives a more secure solution than Digest for use with HTTP. I, personally, have no interest in working on such a thing. But, I know there are many people who are very interested in seeing a better authentication scheme developed. So, how much pain does this represent? Enough to start a working group to develop a better alternative to Digest? If so, I am more than happy to work with interested parties to get a birds-of-a-feather (BOF) meeting scheduled on this topic at the next IETF, and to help you with the process of forming a new working group. - Jim
Received on Monday, 22 October 2001 20:08:42 UTC