Re: [moore@cs.utk.edu: http digest auth + http 1.1?]

jg@zorch.w3.org
Mon, 26 Aug 96 17:36:18 -0400


I agree with Dave Kristol's position: if a client supports
authentication at all, it MUST support Digest.  This means that only
those supporting authentication must do work, keeping the simplest
web clients simple.

We have to get passwords in the clear out of use in the Web; naive people
tend to put their regular passwords into password fields, not understanding
the lack of security.
				- Jim