[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] Re: WebDAV
|
From: |
Robin Green |
|
Subject: |
Re: [Gnu-arch-users] Re: WebDAV |
|
Date: |
Fri, 9 Apr 2004 21:36:22 +0100 |
|
User-agent: |
Mutt/1.5.4i |
On Fri, Apr 09, 2004 at 03:51:35PM -0400, Colin Walters wrote:
> > Hmm, sounds like it might actually be more secure than HTTPS in practice
> > for this purpose, because the password can't be stolen even by a man
> > in the middle, and nor can a man in the middle interfere with a request.
>
> Not true. See:
> http://ftp.ics.uci.edu/pub/ietf/http/rfc2617.txt
>
> Section 4.8 and further.
It seems if you demand only digest authentication and use cnonce you're fairly
safe against all those attacks. Not plausible for ordinary users using a web
browser, but perfectly plausible for tla users.
Not "failsafe" though.
--
Robin
pgpwvO5HjLQF5.pgp
Description: PGP signature
- [Gnu-arch-users] Re: WebDAV, (continued)
- Re: [Gnu-arch-users] Re: WebDAV, Robin Green, 2004/04/09
- [Gnu-arch-users] Re: WebDAV, Eric S. Johansson, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV, Dustin Sallings, 2004/04/09
- [Gnu-arch-users] Re: WebDAV, Eric S. Johansson, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV, Robin Green, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV, Charles Duffy, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV, Colin Walters, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV,
Robin Green <=
- Re: [Gnu-arch-users] Re: WebDAV, Colin Walters, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV, Andrew Suffield, 2004/04/09