Re: Proposal for new HTTP 1.1 authentication scheme

Albert Lunde (albert-lunde@nwu.edu)
Fri, 05 Dec 1997 12:34:48 CST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Scott Lawrence: "Re: Proposal for new HTTP 1.1 authentication scheme"
Previous message: Eric_Houston/CAM/Lotus@lotus.com: "Proposal for new HTTP 1.1 authentication scheme"
In reply to: Eric_Houston/CAM/Lotus@lotus.com: "Proposal for new HTTP 1.1 authentication scheme"
Next in thread: Scott Lawrence: "Re: Proposal for new HTTP 1.1 authentication scheme"

> 
> I was hoping to polish this proposal a little more before floating it
> externally, but alas, with the meeting on Monday, time did not permit.  I
> hope that I have at least stated my perspective well enough to stimulate
> discussion.
> 

This sounda a lot like the old expired draft:

"Mediated Digest Authentication"
http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-mda-00.txt

I wonder if you could do this all with one-way keyed hash functions, and
avoid the use of SSL, and thus export restrictions.

Someone would have to think about possible attacks involving
a bogus server.

Next message: Scott Lawrence: "Re: Proposal for new HTTP 1.1 authentication scheme"
Previous message: Eric_Houston/CAM/Lotus@lotus.com: "Proposal for new HTTP 1.1 authentication scheme"
In reply to: Eric_Houston/CAM/Lotus@lotus.com: "Proposal for new HTTP 1.1 authentication scheme"
Next in thread: Scott Lawrence: "Re: Proposal for new HTTP 1.1 authentication scheme"