On Tuesday 05 November 2002 23.56, Robert Collins wrote:
> Well, the digest authentication code uses MD5 to prevent password
> sniffing (see src/auth/digest, and also rfc 2617). Another option
> that may be of interest is implementing GSSAPI SPNEGO into squid -
> an I-D exists for this:
>
> http://www.ietf.org/internet-drafts/draft-brezak-spnego-http-04.txt
Interesting.. same basic design error as in NTLM over HTTP. Connection
oriented authentication scheme, not message oriented. But something
they have learned.. to document the requirement and add HTTP
extensions to support it in a reasonably safe manner (but they have
forgotten to use the Connection: header to protect the extension from
proxies).
Regards
Henrik
Received on Tue Nov 05 2002 - 17:15:45 MST
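
The remark about the Connection: header, as an added example that is not part of the original message or of Squid's code: a sketch of RFC 2616 proxy header forwarding, showing that an extension header is kept away from the next hop only when the sender lists it in Connection:. The header name `X-Conn-Auth-State` is hypothetical and not taken from the draft; the sample requests are constructed.

```python
# Hop-by-hop headers fixed by RFC 2616 section 13.5.1. Anything else is
# end-to-end by default, so a proxy that does not know it forwards it.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailers", "transfer-encoding", "upgrade",
}

EXT = "X-Conn-Auth-State"  # hypothetical connection-scoped extension header

# Constructed sample requests as (name, value) pairs.
UNPROTECTED = [
    ("Host", "www.example.com"),
    ("Authorization", "Negotiate TOKEN-PLACEHOLDER"),
    (EXT, "bound-to-this-connection"),
]
PROTECTED = UNPROTECTED + [("Connection", "keep-alive, " + EXT)]


def forward_headers(headers):
    """Return the headers an RFC 2616 proxy passes on to the next hop."""
    # Each token in Connection names a header that applies to this single
    # connection only and must be removed before the message is forwarded.
    listed = set()
    for name, value in headers:
        if name.lower() == "connection":
            listed.update(t.strip().lower() for t in value.split(",") if t.strip())
    drop = HOP_BY_HOP | listed
    return [(n, v) for n, v in headers if n.lower() not in drop]


def leaks_downstream(headers, ext_name):
    """True if the extension header survives forwarding to the next hop."""
    wanted = ext_name.lower()
    return any(n.lower() == wanted for n, _ in forward_headers(headers))


if __name__ == "__main__":
    for label, req in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(label, "leaks downstream:", leaks_downstream(req, EXT))
```

Authorization is an end-to-end header, so it is forwarded in both cases; only the connection-scoped extension is affected by the Connection: listing.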