Scott Lawrence lawrence at agranat.com
Mon May 12 16:31:15 EDT 1997

SEC> RFC 2069: This provides some limited security services, mainly
SEC> only client side authentication.  Security specialists frown upon
SEC> this solution because it uses unencrypted user names and
SEC> passwords.  However, this solution could be used in combination
SEC> with a protocol that provides for secure transport.

  RFC 2069 does not transmit user names or passwords in any form - put
  simply, it transmits a cryptographic digest derived from the
  username, password, and a server generated challenge.  The
  authentication derives from the fact that the client cannot generate
  it correctly without knowing the user credentials.

SEC> SHTTP - Secure HTTP: Although on the IETF standards track, this
SEC> seems to lack some important features and does not seem to go
SEC> anywhere in the market place.

  Actually, I believe that it provides everything IPP would need
  (including non-repudiation - a service that has received too little
  attention), but it is true that it may not be getting enough support
  from the marketplace and doesn't seem to enjoy support in the IESG
  (I don't know why not).

Scott Lawrence           EmWeb Embedded Server       <lawrence at agranat.com>
Agranat Systems, Inc.        Engineering            http://www.agranat.com/

More information about the Ipp mailing list