RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Paul Moore (paulmo@microsoft.com)
Fri, 9 Apr 1999 15:51:44 -0700

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Yuji Sasaki: "Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication"
• Previous message: Paul Moore: "RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication"

I dont think that I said anything about not paying attention to security.
I'll will remind you that I was the only one with working SSL3
implementations on client and server at the recent bake-off. I am very
concerned about it.

I was commenting that carl-uno's flowchart did not analyse the pros and cons
of the various security choices it merely said (and I paraphrase somewhat)
"We better do this becasue we wont get an RFC if we dont". I.e "even if it
sucks we'll do it anyway". BTW I'm not suggesting that anything does suck
either merely that being asked to turn my brain off to all logic other than
getting an RFC seemed too much.

-----Original Message-----
From: Larry Masinter [mailto:masinter@parc.xerox.com]
Sent: Friday, April 09, 1999 3:37 PM
To: Paul Moore
Cc: IETF-IPP; 'Manros, Carl-Uno B'; Michael Sweet
Subject: RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest
Authentication

> So no matter whether we think it makes sense or not the overriding thing
is
> to get an IETF standard

Paul,

The idea that it doesn't "make sense" to pay attention
to security considerations in implementing Internet
services is what led to the Melissa virus.

Regards,

Larry

• Next message: Yuji Sasaki: "Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication"
• Previous message: Paul Moore: "RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication"

Comments are owned by the poster. All other material is Copyright © 2001-2024 The Printer Working Group. All rights reserved. IPP Everywhere, the IPP Everywhere logo, and the PWG logo are trademarks of the IEEE-ISTO.
About the PWG · Privacy Policy · PWG Webmaster