IPP Mail Archive: Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

IPP Mail Archive: Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Michael Sweet (mike@easysw.com)
Sat, 10 Apr 1999 09:03:21 -0400

Larry Masinter wrote:
> ...
> But the reports claim that Apache (http://www.apache.org), CL-HTTP
> http://wilson.ai.mit.edu/cl-http/cl-http.html), and WN
> (http://hopf.math.nwu.edu/)
> all implement Digest Authentication, although they didn't do much
> testing.

I'll have to check the latest (1.3.4?) version of Apache, but at
least in 1.3.1 it appears that Apache only supports RFC 2069 Digest,
which does not cover authentication of the message body (which is
the only thing that really makes Digest more secure and authoritative
than Basic).

> ...
> In summary, it looks like there is lots of official support for
> Digest Authentication, although some of these products are recent
> (IE 5 was just released) or only in beta (Windows 2000). However, if
> you're sufficiently motivated, I'm sure those who are interested can
> get their hands on the implementations to try them out.
> ...

I think we need to keep in mind that many products out there
implement Digest based on RFC 2069, but can't handle the message
body authentication in the current draft...

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  mike@easysw.com
Printing Software for UNIX                       http://www.easysw.com