[JDEV] registering a new user

Dustin Puryear dpuryear at usa.net
Thu May 24 12:25:34 CDT 2001


Jens Alfke wrote:
>      Assuming a non-SSL client, wouldn't this make the use of digest
>      authentication a bit "too little, too late" in many situations?
> Any mechanism that could allow the client to securely transmit a password to the server in the absence of any prior shared secrets, would have to involve some sort of public-key crypto. This would make it nearly as complex as SSL, so why not just use SSL, which provides the additional benefit of encrypting the entire session including message contents?
> 

I was getting to that. I wonder what the real point of supporting
digest-based authentication is when it can be circumvented before it's ever
used? I suppose it could be considered a weak backup to having the
entire stream encrypted from the beginning.

Regards, Dustin

-- 
Dustin Puryear <dpuryear at usa.net>
http://members.telocity.com/~dpuryear
In the beginning the Universe was created. 
This has been widely regarded as a bad move. - Douglas Adams


