Closed Bug 168942 Opened 22 years ago Closed 8 years ago

Digest authentication with integrity protection

Categories

(Core :: Networking, enhancement)

Product:
Core
Component:
Networking
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: emanuel.abb, Unassigned)

Details

(Keywords: helpwanted, Whiteboard: [digest-auth]) 

Mozilla supports digest authentication as a replacement for basic in HTTP/1.1.
Unfortunately, it doesn't support it completely as described in RFC2617, that
is, it doesn't implement integrity protection yet (qop=auth-int, includes a hash
of the body as well as the password/username to prevent the page transmitted
from being tempered with). 
It would really be useful if implemented, as I can't use SSL for performance
problems (embedded web server). I'm sure a lot of people would benefit from the
security increase it provides!
PS : The neon library (http://www.webdav.org/neon/) supports that all right, and
is free software as well!
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [digest-auth]
Target Milestone: --- → Future
not sure when this'll get fixed... future for now.
any plans for this?
OS: Windows 2000 → All
Hardware: PC → All
hmm... helpwanted.
Keywords: helpwanted
-> default owner
Assignee: darin → nobody
Status: ASSIGNED → NEW
Component: Networking: HTTP → Networking
QA Contact: networking.http → networking
Target Milestone: Future → ---
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.