[JDEV] registering a new user
Dustin Puryear
dpuryear at usa.net
Tue May 29 09:43:33 CDT 2001
temas wrote:
>
> Because many systems don't have autoregistration and might assign
> passwords, or use passwords already there. In that case digest is
> helpful.
Good point. Case closed.
Regards, Dustin
>
> --temas
>
> On 24 May 2001 12:25:34 -0500, Dustin Puryear wrote:
> > Jens Alfke wrote:
> > > Assuming a non-SSL client, wouldn't this make the use of digest
> > > authentication a bit "too little, too late" in many situations?
> > > Any mechanism that could allow the client to securely transmit a password to the server in the absence of any prior shared secrets, would have to involve some sort of public-key crypto. This would make it nearly as complex as SSL, so why not just use SSL, which provides the additional benefit of encrypting the entire session including message contents?
> > >
> >
> > I was getting to that. I wonder what the real point of supporting digest
> > based authentication is when it can be circumvented before it's ever
> > used? I suppose it could be considered a weak backup to having the
> > entire stream encrypted from the beginning.
> >
> > Regards, Dustin
> >
> > --
> > Dustin Puryear <dpuryear at usa.net>
> > http://members.telocity.com/~dpuryear
> > In the beginning the Universe was created.
> > This has been widely regarded as a bad move. - Douglas Adams
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
--
Dustin Puryear <dpuryear at usa.net>
http://members.telocity.com/~dpuryear
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams
More information about the JDev
mailing list