Digest authentication with integrity protection

RESOLVED WONTFIX

Status

()

enhancement
RESOLVED WONTFIX
17 years ago
2 years ago

People

(Reporter: emanuel.abb, Unassigned)

Tracking

({helpwanted})

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [digest-auth])

Reporter

Description

17 years ago
Mozilla supports digest authentication as a replacement for basic in HTTP/1.1.
Unfortunately, it doesn't support it completely as described in RFC2617, that
is, it doesn't implement integrity protection yet (qop=auth-int, includes a hash
of the body as well as the password/username to prevent the page transmitted
from being tempered with). 
It would really be useful if implemented, as I can't use SSL for performance
problems (embedded web server). I'm sure a lot of people would benefit from the
security increase it provides!
PS : The neon library (http://www.webdav.org/neon/) supports that all right, and
is free software as well!

Updated

17 years ago
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [digest-auth]
Target Milestone: --- → Future

Comment 1

17 years ago
not sure when this'll get fixed... future for now.

Comment 2

15 years ago
any plans for this?
OS: Windows 2000 → All
Hardware: PC → All

Comment 3

15 years ago
hmm... helpwanted.
Keywords: helpwanted

Comment 4

13 years ago
-> default owner
Assignee: darin → nobody
Status: ASSIGNED → NEW
Component: Networking: HTTP → Networking
QA Contact: networking.http → networking
Target Milestone: Future → ---
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.