[7144] in www-talk@info.cern.ch
Re: No More Passwords In The Clear in HTTP!
daemon@ATHENA.MIT.EDU (Daniel W. Connolly)
Mon Jan 9 22:46:13 1995
Date: Tue, 10 Jan 1995 04:43:38 +0100
Errors-To: listmaster@www0.cern.ch
Reply-To: connolly@hal.com
From: "Daniel W. Connolly" <connolly@hal.com>
To: Multiple recipients of list <www-talk@www0.cern.ch>
In message <199501100038.QAA02915@neon.mcom.com>, Jon E. Mittelhauser writes:
>
>This proposal utilizes RSA MD5 encryption. If you have this
>capability, why not go all the way to SSL (or SHTTP)? It would
>make much more sense.
>
>>
>> 2. Use a commercial browser that supports the security
>> options (SHTTP, SSL, kerberos...) supported by the services
>
>I don't see how this proposal fixes this problem. It requires MD5 which
>will require a license from RSA. How does this not fall into your class
>2 space? As long as I am in that space, I would much prefer a protocol
>which has been widely adopted by the financial community (e.g. SSL).
MD5 technology is very different from the patented public key encyption.
It's just a secure hash function. There are others -- SHS, MD4, etc.
Anyway... the md5 source code is all over the place. There's an md5
module in the Python distribution, so I'm pretty sure there are no
prohobitive licensing restrictions.
Dan
