IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Wenn, John C jwenn at cp10.es.xerox.com
Tue Apr 13 16:49:41 EDT 1999


For authentication: 

	Digest is not perfectly secure (being vulnerable to some types of
active attacks and lack of integration with current server authentication
mechanisms), but it is an acceptable security solution.  

	Basic by itself is not acceptable, but may be acceptable if used
with an encrypted chanel (TLS+Basic).  

This discussion should be about what is the mandatory authentication scheme
that is both (*) has adequate security and (*) meets other IPP criteria
(usability, ease of implementation, etc.)

/John



More information about the Ipp mailing list