RE: Digest mess
Josh Cohen (joshco@microsoft.com)
Tue, 6 Jan 1998 18:16:09 -0800
My main point is that if digest does only one thing,
prevent cleartext passwords, I am content.
If we can fix the digest proposal to do just that
and continue to move to draft standard, then we
should do it.
--
Josh Cohen <joshco@microsoft.com>
Program Manager - Internet Technologies
> -----Original Message-----
> From: Ned Freed [mailto:Ned.Freed@innosoft.com]
> Sent: Tuesday, January 06, 1998 5:41 PM
> To: Josh Cohen
> Cc: 'Dave Kristol'; HTTP Working Group
> Subject: RE: Digest mess
>
>
> > I agree.
> > (feel free to correct me if I'm wrong..)
>
> > There seems to be a lot of other protocols
> > or efforts which depend on HTTP um, security.
> > By having digest, they meet the IETF security
> > requirements, and may proceed.
> > If digest fails or comes out of the spec, this
> > will derail other efforts as well.
>
> Actually it could well be the other way around. If Digest continues on its
> present course and continues not to be implemented there are going to be
> problems moving to Draft Standard. And if Digest stalls at Proposed so will
> all the things that depend on it.
>
> On the other hand, if Digest is "fixed" the most that will happen is that
> it will reset to proposed. This is not a big deal -- the most it will cause
> is a delay. And if the "fix" facilitates implementation it will end up
> facilitating the advancement of other work that depends on it.
>
> The point I'm trying to make here is that continuing on the present course
> may be the one thing that really isn't an option. So the question then
> becomes, which change to Digest that's currently under consideration will
> facilitate deployment and hence help the process along? (I do not pretend
> to know the answer to this.)
>
> > I know that we're supposed to avoid favoring
> > "process" over technical soundness, but in this
> > case, I don't think that applies.
>
> I think process issues do apply, although the way in which they do
> may not be obvious.
>
> Ned
>