Re: still more Digest Authentication comments

John Franks (john@math.nwu.edu)
Wed, 22 Mar 1995 14:30:49 -0600 (CST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Albert Lunde: "Re: still more Digest Authentication comments"
Previous message: Eric W. Sink: "Re: still more Digest Authentication comments"
In reply to: Eric W. Sink: "Re: still more Digest Authentication comments"
Next in thread: Albert Lunde: "Re: still more Digest Authentication comments"

According to Eric W. Sink:
> >>HTTP already uses MIME-64 encoding for converting octects to characters;
> >>I'd suggest that re-using the same encoding scheme would make sense
> >>(since servers are likely to include the code already, and it's also
> >>more compact that 4bits->1octect encoding).
> >
> >I agree. (and not just because its only a single line change in my code :-)
> >
> >MD5s are recognisable as base64 objects. Base16 is still appropriate for the
> >likes of timestamps and such though since they are genuinely numbers
> >rather than
> >blocks of random bits.
> 
> I disagree.  I think the choice of base64 vs. base16 is purely arbitrary,
> since the space savings is hardly significant.  John Franks has already
> implemented Digest using base16 in his WN server.  Spyglass has already
> implemented Digest using base16 in our client, which is shipping.  My
> understanding is that Netscape has implemented Digest using base16 for a
> future release of their server.
> 
> I see no compelling reason to change to base64.
> 

I agree with Eric.  It is simpler and easier to implement base16. 
All else being equal Simple is Better.

John Franks

Next message: Albert Lunde: "Re: still more Digest Authentication comments"
Previous message: Eric W. Sink: "Re: still more Digest Authentication comments"
In reply to: Eric W. Sink: "Re: still more Digest Authentication comments"
Next in thread: Albert Lunde: "Re: still more Digest Authentication comments"