IPP Mail Archive: Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

IPP Mail Archive: Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Ira McDonald (imcdonal@sdsp.mc.xerox.com)
Wed, 7 Apr 1999 23:09:39 -0400

Hi Keith and Mike,

A small clarification. The US government raised the export
restriction to 56-bit encryption in September 1998. And 56-bit
(even single round) is MUCH harder to break than 40-bit (according
to security professionals like Bruce Schneier in his bible
'Applied Cryptography').

Nonetheless, the problem of requiring Digest support in all
IPP server-side implementations (ie, printers and spoolers)
is that it makes the original IPP WG goal of a protocol that
can be built on EXISTING off-the-shelf HTTP software hopeless.

Cheers,
- Ira McDonald

(outside consultant at Xerox)
High North Inc