IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Michael Sweet mike at easysw.com
Sat Apr 10 09:03:21 EDT 1999


Larry Masinter wrote:
> ...
> But the reports claim that Apache (http://www.apache.org), CL-HTTP
> http://wilson.ai.mit.edu/cl-http/cl-http.html), and WN
> (http://hopf.math.nwu.edu/)
> all implement Digest Authentication, although they didn't do much
> testing.

I'll have to check the latest (1.3.4?) version of Apache, but at
least in 1.3.1 it appears that Apache only supports RFC 2069 Digest,
which does not cover authentication of the message body (which is
the only thing that really makes Digest more secure and authoritative
than Basic).

> ...
> In summary, it looks like there is lots of official support for
> Digest Authentication, although some of these products are recent
> (IE 5 was just released) or only in beta (Windows 2000). However, if
> you're sufficiently motivated, I'm sure those who are interested can
> get their hands on the implementations to try them out.
> ...

I think we need to keep in mind that many products out there
implement Digest based on RFC 2069, but can't handle the message
body authentication in the current draft...

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  mike at easysw.com
Printing Software for UNIX                       http://www.easysw.com



More information about the Ipp mailing list