> From: Iljitsch van Beijnum [mailto:iljitsch muada.com]
> During the reading of this document, it occurred to me that
> HTTP digest authentication (RFC 2617) rather than the widely
> used practice of having security credentials be typed into an
> HTTP form would achieve 90% of the requirements all by
> itself.
Well, maybe if people had listened to me then.
But at this point, fifteen years later, Digest is not the way
to go. First, Digest was designed under the express
constraint of avoiding patent encumbrances. RSA and D-H
were both off the table at the time.
If I was to redo Digest today or expand its scope I would do
it differently. The main reason I would not is that SAML and
WS-* both provide an excellent solution. I very much like
and support the Cardspace idea of building into the O/S
platform. I very much like the OpenID concept of making the
barrier to entry very low. I would like to arrive at a happy
combination of the existing proposals, not see more proposals
put on the table at this point.
_______________________________________________
Ietf-http-auth mailing list
Ietf-http-auth osafoundation.org
http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth