IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Larry Masinter masinter at parc.xerox.com
Sat Apr 10 14:38:00 EDT 1999


> I'll have to check the latest (1.3.4?) version of Apache, but at
> least in 1.3.1 it appears that Apache only supports RFC 2069 Digest,
> which does not cover authentication of the message body (which is
> the only thing that really makes Digest more secure and authoritative
> than Basic).

No, RFC 2069 Digest is more secure than Basic because it doesn't
require sending the password in the clear.

However, qop=auth-int is a good idea. You might also want to consider
requiring MD5-sess in clients, since it would allow print servers
to use third-party authentication services without having to store
user passwords at all.

Larry
-- 
http://www.parc.xerox.com/masinter
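
Added example, not part of the original message or of any IPP or Apache code: a Python sketch of the three Digest variants discussed above, using the request-digest formulas from RFC 2617. It shows that the RFC 2069 form does not cover the message body, that qop=auth-int does, and that with MD5-sess a print server can verify a request from a session key alone. The user, realm, password, nonces, URI and job bodies are constructed sample values.

```python
import hashlib

def md5_hex(data):
    """Lowercase hex MD5 of a str or bytes value."""
    return hashlib.md5(data.encode() if isinstance(data, str) else data).hexdigest()

def ha1_static(user, realm, password):
    # algorithm=MD5: long-term password equivalent, reusable for every request
    return md5_hex(f"{user}:{realm}:{password}")

def ha1_session(static_ha1, nonce, cnonce):
    # algorithm=MD5-sess: only valid for this nonce/cnonce pair
    return md5_hex(f"{static_ha1}:{nonce}:{cnonce}")

def digest_response(ha1, method, uri, nonce, qop=None, nc="", cnonce="", body=b""):
    """request-digest for RFC 2069 (qop=None) or RFC 2617 qop=auth / auth-int."""
    a2 = f"{method}:{uri}"
    if qop == "auth-int":
        a2 += ":" + md5_hex(body)  # hash of the entity body enters the digest
    if qop is None:
        return md5_hex(f"{ha1}:{nonce}:{md5_hex(a2)}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{md5_hex(a2)}")

def demo():
    # Constructed sample values, not taken from the thread.
    user, realm, password = "alice", "ipp-example", "constructed-password"
    nonce, cnonce, nc = "constructed-nonce", "constructed-cnonce", "00000001"
    method, uri = "POST", "/printers/example"
    job, tampered = b"%!PS job A", b"%!PS job B"
    stored_ha1 = ha1_static(user, realm, password)  # kept by the authentication service
    args = (method, uri, nonce, "auth-int", nc, cnonce)
    sent = digest_response(ha1_static(user, realm, password), *args, job)
    # The server recomputes over the body it received; a swapped body must not verify.
    tampered_ok = digest_response(stored_ha1, *args, tampered) == sent
    # The RFC 2069 form never sees the body, so both bodies give the same digest.
    legacy_blind = (digest_response(stored_ha1, method, uri, nonce, body=job)
                    == digest_response(stored_ha1, method, uri, nonce, body=tampered))
    # MD5-sess: the authentication service derives a per-session key and hands
    # only that to the print server, which never holds stored_ha1 or the password.
    session_key = ha1_session(stored_ha1, nonce, cnonce)
    client_key = ha1_session(ha1_static(user, realm, password), nonce, cnonce)
    sess_ok = digest_response(session_key, *args, job) == digest_response(client_key, *args, job)
    return {"auth_int_tampered_ok": tampered_ok, "rfc2069_body_blind": legacy_blind,
            "sess_verifies": sess_ok, "sess_key_is_not_ha1": session_key != stored_ha1}

if __name__ == "__main__":
    print(demo())
```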


