Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Michael Sweet (mike@easysw.com)
Tue, 13 Apr 1999 13:40:07 -0400

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Wenn, John C: "RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication"
• Previous message: Anthony Porter: "RE: IPP> Add IPP attributes to facilitate better job monitoring?"

Paul Leach wrote:
> ...
> True, but so does the client. It can (and should be able to be)
> configured with the lowest level of security it will accept, and if
> the server only offers less secure protocols than that, it refuses
> to connect.

This isn't really a negotiation, tho. The client can't change what
the server wants, and visa-versa...

> BTW: there is advantage to running Digest (instead of Basic), even
> with the weakest options, inside of TLS. Basic exposes your password
> to the server, whereas Digest server can store hashes of passwords
> that are realm specific, and so use of the same password in multiple
> realms isn't as big an exposure.
> ...

I agree that there are a lot of benefits with using Digest, but to
interface to an existing non-MD5-based authorization system you need
to use Basic so you have the original password text to work with.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  mike@easysw.com
Printing Software for UNIX                       http://www.easysw.com

• Next message: Wenn, John C: "RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication"
• Previous message: Anthony Porter: "RE: IPP> Add IPP attributes to facilitate better job monitoring?"

Comments are owned by the poster. All other material is Copyright © 2001-2024 The Printer Working Group. All rights reserved. IPP Everywhere, the IPP Everywhere logo, and the PWG logo are trademarks of the IEEE-ISTO.
About the PWG · Privacy Policy · PWG Webmaster