Re: IPP> Re: PRO - Issue 32: Use of Basic & DigestAuthentication

Michael Sweet (mike@easysw.com)
Mon, 12 Apr 1999 13:25:25 -0400

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Michael Sweet: "Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication"
• Previous message: Manros, Carl-Uno B: "RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication"

Larry Masinter wrote:
> ...
> > 2. Its secure
>
> No, it has serious security problems in the context of a printing
> protocol. Maybe "its secure" for web browsing, but requiring the
> printer to hold passwords in the clear leads to several

And why would it need to? Most HTTP servers support encrypted
passwords using the UNIX crypt() function (this allows you to use the
server's main password file or a separate one). As long as you have
the original password text you can use ANY server-side encryption/
hashing on the password value you like (unlike Digest).

> ...
> Frankly, it seems like we're getting some knee-jerk responses.
> This isn't a popularity contest. The results actually have to
> work.
> ...

OK, so (besides IE5, which just came out) how many existing HTTP
clients support the full range of Digest options in the final HTTP
1.1 draft standard? I bet not many.

Basic has been supported for years...

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  mike@easysw.com
Printing Software for UNIX                       http://www.easysw.com

• Next message: Michael Sweet: "Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication"
• Previous message: Manros, Carl-Uno B: "RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication"

Comments are owned by the poster. All other material is Copyright © 2001-2024 The Printer Working Group. All rights reserved. IPP Everywhere, the IPP Everywhere logo, and the PWG logo are trademarks of the IEEE-ISTO.
About the PWG · Privacy Policy · PWG Webmaster