[2924] in WWW Security List Archive
Re: S/KEY authentication over HTTP protocol
daemon@ATHENA.MIT.EDU (Mary Ellen Zurko)
Wed Sep 11 13:19:53 1996
To: "Brian W. Spolarich" <briansp@ans.net>
cc: LAI CHACK AN ITSC NCS <calai@ncspo3.ncs.com.sg>,
"'www-security@ns2.rutgers.edu'" <www-security@ns2.rutgers.edu>,
zurko@osf.org
In-reply-to: Your message of "Wed, 11 Sep 1996 09:03:59 EDT."
<Pine.GSO.3.94.960911090153.12656A-100000@thebrain.aa.ans.net>
Date: Wed, 11 Sep 1996 11:43:01 -0400
From: Mary Ellen Zurko <zurko@osf.org>
Errors-To: owner-www-security@ns2.rutgers.edu
> which provides encryption (weak or strong) of the entire session. I'd
> also like to see Kerberos support in HTTP. I believe I saw K4 and K5
> hooks in S-HTTP, but I haven't looked at the spec in a while.
Also, NCSA had a project to integrate Kerberos into its browser and
server. They had something prototyped that did authentication, but
not encryption, and had some hard-coded naming assumptions. I haven't
heard any update on it since.
Mez
