IPP Mail Archive: RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Paul Leach (paulle@microsoft.com)
Tue, 13 Apr 1999 10:27:07 -0700

> -----Original Message-----
> From: Michael Sweet [mailto:mike@easysw.com]
> Sent: Monday, April 12, 1999 6:27 PM
> To: Larry Masinter
> Cc: Scott Lawrence; IETF-IPP; Paul Leach
> Subject: Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest
> Authentication
>
> > ...
> > Unfortunately, if you make things options and allow negotiation of
> > the options, you open up another security risk; a MITM attack that
>
> I'm not suggesting a negotiation; rather, the HTTP server responds
> with a challenge (Digest or Basic, depending on the link and server),
> and the clients must be able to support any/all Digest options.

This is fine by me.

It only leaves the question of which options are mandatory-to-implement, so
that independently developed implementations will always be able to
interoperate.

>
> The SERVER controls the type of authorization, not the client, so you
> won't have the opportunity to "downgrade" to a lower level of
> security.
> The server says, "my way or the highway"...

True, but so does the client. It can be (and should be able to be) configured
with the lowest level of security it will accept, and if the server only
offers less secure protocols than that, it refuses to connect.

BTW: there is an advantage to running Digest (instead of Basic), even with the
weakest options, inside of TLS. Basic exposes your password to the server,
whereas a Digest server can store hashes of passwords that are realm specific,
and so use of the same password in multiple realms isn't as big an exposure.

Paul
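The two points Paul makes above (the client enforcing a floor on the scheme it will accept, and a Digest server holding only realm-scoped hashes rather than passwords) as a worked example. This is added example code for this archive page, not code from the IPP thread or from any IPP implementation. It follows the RFC 2617 Digest scheme with the MD5 algorithm and qop=auth; the realm names, user names, passwords and URI are constructed for illustration, and the single-use nonce handling is an added detail the thread does not discuss.

```python
"""HTTP Digest (RFC 2617, algorithm=MD5, qop=auth) challenge/response with a
realm-scoped password store, beside a client that refuses challenges below its
configured minimum.  Example code added to this page; the realms, users,
passwords and URI below are constructed for illustration."""
import base64
import hashlib
import re
import secrets


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """RFC 2617 H(A1): the value a Digest server stores instead of the password.
    The realm is mixed in, so one password yields a different stored hash per realm."""
    return md5_hex(f"{username}:{realm}:{password}")


def parse_params(rest: str) -> dict:
    """Parse 'k="v", k=v' pairs from a WWW-Authenticate/Authorization header body."""
    return {k: q or u for k, q, u in re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', rest)}


class DigestServer:
    def __init__(self, realm: str):
        self.realm = realm
        self._ha1 = {}        # username -> H(A1); no plaintext passwords kept
        self._nonces = set()  # nonces issued and not yet consumed

    def add_user(self, username: str, password: str) -> None:
        self._ha1[username] = ha1(username, self.realm, password)

    def challenge(self) -> str:
        """The server picks the scheme and options: Digest only, no Basic offered."""
        nonce = secrets.token_hex(16)
        self._nonces.add(nonce)
        return f'Digest realm="{self.realm}", qop="auth", algorithm=MD5, nonce="{nonce}"'

    def verify(self, method: str, authorization: str) -> bool:
        scheme, _, rest = authorization.partition(" ")
        if scheme != "Digest":
            return False
        p = parse_params(rest)
        try:
            if p["realm"] != self.realm or p["qop"] != "auth" or p["nonce"] not in self._nonces:
                return False
            stored = self._ha1.get(p["username"])
            if stored is None:
                return False
            ha2 = md5_hex(f"{method}:{p['uri']}")
            expected = md5_hex(f"{stored}:{p['nonce']}:{p['nc']}:{p['cnonce']}:auth:{ha2}")
            ok = secrets.compare_digest(expected, p["response"])
        except KeyError:
            return False
        if ok:
            self._nonces.discard(p["nonce"])  # single use (added detail): a replayed header fails
        return ok


class Client:
    LEVELS = {"basic": 0, "digest": 1}  # ordering of acceptable schemes, weakest first

    def __init__(self, username: str, password: str, minimum: str = "digest"):
        self.username, self.password = username, password
        self.minimum = self.LEVELS[minimum]

    def respond(self, method: str, uri: str, challenge: str) -> str:
        scheme, _, rest = challenge.partition(" ")
        level = self.LEVELS.get(scheme.lower())
        if level is None or level < self.minimum:
            raise PermissionError(f"server offers {scheme!r}, below the configured minimum")
        if scheme.lower() == "basic":  # reached only when the client's floor is Basic
            return "Basic " + base64.b64encode(f"{self.username}:{self.password}".encode()).decode()
        p = parse_params(rest)
        if p.get("algorithm", "MD5") != "MD5" or "auth" not in p["qop"].split(","):
            raise PermissionError("Digest options the client does not implement")
        cnonce, nc = secrets.token_hex(8), "00000001"
        ha2 = md5_hex(f"{method}:{uri}")
        response = md5_hex(f"{ha1(self.username, p['realm'], self.password)}:{p['nonce']}:{nc}:{cnonce}:auth:{ha2}")
        return (f'Digest username="{self.username}", realm="{p["realm"]}", nonce="{p["nonce"]}", '
                f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}", algorithm=MD5')


def demo() -> dict:
    server = DigestServer("printers")
    server.add_user("alice", "correct horse")       # server never sees this again
    client = Client("alice", "correct horse", minimum="digest")
    authz = client.respond("POST", "/printers/lp1", server.challenge())
    results = {
        "digest_ok": server.verify("POST", authz),
        "replay_rejected": not server.verify("POST", authz),
        "wrong_password_rejected": not server.verify(
            "POST", Client("alice", "wrong").respond("POST", "/printers/lp1", server.challenge())),
        # same user and password, different realm: the stored H(A1) values differ
        "realm_hashes_differ": ha1("alice", "printers", "correct horse")
        != ha1("alice", "fileserver", "correct horse"),
    }
    try:  # a server that only offers Basic is refused by a client whose floor is Digest
        client.respond("POST", "/printers/lp1", 'Basic realm="printers"')
        results["basic_refused"] = False
    except PermissionError:
        results["basic_refused"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Even inside TLS the Basic path hands the server the password itself, while the Digest server in this example holds only `ha1()` values bound to its own realm; a compromise of the "printers" store does not yield the "fileserver" credential.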