The default bug view has changed. See this FAQ.

Digest authentication with integrity protection

RESOLVED WONTFIX

Status

()

Core
Networking
--
enhancement
RESOLVED WONTFIX
15 years ago
a year ago

People

(Reporter: Emanuel, Unassigned)

Tracking

({helpwanted})

Trunk
helpwanted
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [digest-auth])

(Reporter)

Description

15 years ago
Mozilla supports digest authentication as a replacement for basic in HTTP/1.1.
Unfortunately, it doesn't support it completely as described in RFC2617, that
is, it doesn't implement integrity protection yet (qop=auth-int, includes a hash
of the body as well as the password/username to prevent the page transmitted
from being tempered with). 
It would really be useful if implemented, as I can't use SSL for performance
problems (embedded web server). I'm sure a lot of people would benefit from the
security increase it provides!
PS : The neon library (http://www.webdav.org/neon/) supports that all right, and
is free software as well!

Updated

15 years ago
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [digest-auth]
Target Milestone: --- → Future

Comment 1

15 years ago
not sure when this'll get fixed... future for now.

Comment 2

13 years ago
any plans for this?
OS: Windows 2000 → All
Hardware: PC → All

Comment 3

13 years ago
hmm... helpwanted.
Keywords: helpwanted

Comment 4

11 years ago
-> default owner
Assignee: darin → nobody
Status: ASSIGNED → NEW
Component: Networking: HTTP → Networking
QA Contact: networking.http → networking
Target Milestone: Future → ---
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.