[JDEV] registering a new user
temas
temas at box5.net
Mon May 28 10:36:50 CDT 2001
Because many systems don't have autoregistration and might assign
passwords, or use passwords already there. In that case digest is
helpful.
--temas
On 24 May 2001 12:25:34 -0500, Dustin Puryear wrote:
> Jens Alfke wrote:
> > Assuming a non-SSL client, wouldn't this make the use of digest
> > authentication a bit "too little, too late" in many situations?
> > Any mechanism that could allow the client to securely transmit a password to the server in the absence of any prior shared secrets, would have to involve some sort of public-key crypto. This would make it nearly as complex as SSL, so why not just use SSL, which provides the additional benefit of encrypting the entire session including message contents?
> >
>
> I was getting to that. I wonder what the real point of supporting digest
> based authentication is when it can be circumvented before it's ever
> used? I suppose it could be considered a weak backup to having the
> entire stream encrypted from the beginning.
>
> Regards, Dustin
>
> --
> Dustin Puryear <dpuryear at usa.net>
> http://members.telocity.com/~dpuryear
> In the beginning the Universe was created.
> This has been widely regarded as a bad move. - Douglas Adams
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
More information about the JDev
mailing list