IPP Mail Archive: RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

IPP Mail Archive: RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Larry Masinter (masinter@parc.xerox.com)
Sat, 10 Apr 1999 00:24:12 PDT

Carl-Uno asked me who has implemented Digest Authentication, so I did a little
looking around. While I was at it, I looked for HTTP implementations of TLS.

There's a nice article on HTTP authentication at:

It explains some of the benefits of Digest Authentication. It also says that
Digest authentication support was introduced in Internet Explorer 5.

sp says that Windows 2000 implements digest authentication.

http://msdn.microsoft.com/standards/top150/security.htm claims that Internet
Explorer 5.0, Windows 2000 and Windows CE all support TLS, too.

As for other browsers and servers, you can gather some information from HTTP
implementation reports at http://www.w3.org/Protocols/HTTP/Forum/Reports/. The
implementation reports are a snapshot from a while ago, though, and not everyone
with products reported.

But the reports claim that Apache (http://www.apache.org), CL-HTTP
http://wilson.ai.mit.edu/cl-http/cl-http.html), and WN
all implement Digest Authentication, although they didn't do much testing.

If you're stuck with an older server that doesn't implement Digest
Authentication, there are some hints on how to add it:
explains how you could add Digest Authentication to Microsoft's IIS, for

The Java Web Server 1.1
(http://www.javasoft.com/marketing/collateral/jws_ds.html) claims to implement
digest authentication.

In summary, it looks like there is lots of official support for Digest
Authentication, although some of these products are recent (IE 5 was just
released) or only in beta (Windows 2000). However, if you're sufficiently
motivated, I'm sure those who are interested can get their hands on the
implementations to try them out.