> -----Original Message-----
> From: Michael Sweet [mailto:mike at easysw.com]
> Sent: Saturday, April 10, 1999 5:01 PM
> To: Larry Masinter
> Cc: Paul Moore; IETF-IPP; Paul Leach
> Subject: Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest
> Authentication
>
> Larry Masinter wrote:
> > ...
> > No, RFC 2069 Digest is more secure than Basic because it doesn't
> > require sending the password in the clear.
>
> Without auth-int you can spoof authorization with varying degrees of
> ease. Sure, you won't get the original password, but without auth-int
> you don't need it!

That's a non sequitur. It does not contradict Larry's statement at all.
Digest with a strong password is proof against passive attacks (such as
sniffing). Basic isn't.
Paul
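
The contrast drawn in this exchange, as an added example that is not part of the original messages: what each scheme puts on the wire for a passive observer, using the RFC 2069 request-digest formula. The user, realm, password, nonce and URI are constructed sample values.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
USER, REALM, PASSWORD = "alice", "printers@example.test", "correct horse battery"
NONCE, METHOD, URI = "5f2a9c0e7b1d4a36", "POST", "/ipp/print"


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user, password):
    """Basic: base64 is an encoding, so the header carries the password itself."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def read_basic(header):
    """What any passive observer of the header can recover."""
    token = header.split(" ", 1)[1]
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def digest_response(user, realm, password, nonce, method, uri):
    """RFC 2069 request-digest: MD5(H(A1):nonce:H(A2)).
    Inputs are credentials, nonce, method and URI; the entity body is not one."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def digest_header(user, realm, password, nonce, method, uri):
    response = digest_response(user, realm, password, nonce, method, uri)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{response}"')


def server_accepts(response, stored_ha1, nonce, method, uri):
    """Server side: recompute from the stored H(A1) and compare in constant time."""
    expected = md5_hex(f"{stored_ha1}:{nonce}:{md5_hex(f'{method}:{uri}')}")
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    print(basic_header(USER, PASSWORD), "->", read_basic(basic_header(USER, PASSWORD)))
    print(digest_header(USER, REALM, PASSWORD, NONCE, METHOD, URI))
```

Every input to the Digest response other than the password is visible in the header, so the password's strength is what keeps the captured value from being guessed offline.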