IPP Mail Archive: RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Larry Masinter (masinter@parc.xerox.com)
Sat, 10 Apr 1999 11:38:00 PDT

> I'll have to check the latest (1.3.4?) version of Apache, but at
> least in 1.3.1 it appears that Apache only supports RFC 2069 Digest,
> which does not cover authentication of the message body (which is
> the only thing that really makes Digest more secure and authoritative
> than Basic).

No, RFC 2069 Digest is more secure than Basic because it doesn't
require sending the password in the clear.

However, qop=auth-int is a good idea. You might also want to consider
requiring MD5-sess in clients, since it would allow print servers
to use third-party authentication services without having to store
user passwords at all.

Larry

-- 
http://www.parc.xerox.com/masinter