Digest complete but not finished

From: Robert Collins <robert.collins@dont-contact.us>
Date: Fri, 5 Jan 2001 14:28:52 +1100

Hi everyone,
    the auth_digest branch is now a complete (and AFICT rfc 2617 compliant) implementation. It does not implement all the optional
features - for example server authentication. It also does not offer response integrity checking (due to no trailer support as yet).

It interoperates with MS IE's digest implementation. However IE is not rfc 2617 compliant - they do not choose the strongest
authentication scheme they support so the user needs to configure squid to present digest before basic :-[

I have some more things I want/need to do to it before it is finished, but this announcement is to say "feel free to test. Nothing's
broken."

The things to do include tuning debug levels, fixing the odd memory leak.

I do _not_ intend to provide a back end integrated digesthelper. I have designed the protocol to be as secure as per the rfc's
suggestion, but code is needed in the user directory to store the H(A1) or the users plaintext password. That's life.

Rob
Received on Thu Jan 04 2001 - 20:17:56 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:10 MST