[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns
faceprint at faceprint.com
Tue May 27 22:03:53 UTC 2003
On Tue, May 27, 2003 at 03:26:37PM -0600, Dave Smith wrote:
> To clarify, one more time, we're talking about sending a digest of the
> digest and a one time session identifier over the wire.
> digest auth == SHA1(stream id + password-plaintext)
> edigest auth == SHA1(stream id + SHA1(password-plaintext))
> This would mean that one never sends the plaintext password over the
> wire, even for registration.
Which BREAKS the ability to do plaintext or digest auth. It's backwards
IN-compatable, making it not the right way to go about things.
Nathan Walp || faceprint at faceprint.com
GPG Fingerprint: || http://faceprint.com/
5509 6EF3 928B 2363 9B2B DA17 3E46 2CDC 492D DB7E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the Standards