Last Comment Bug 168942 - Digest authentication with integrity protection
: Digest authentication with integrity protection
Status: RESOLVED WONTFIX
[digest-auth]
: helpwanted
Product: Core
Classification: Components
Component: Networking (show other bugs)
: Trunk
: All All
: -- enhancement with 4 votes (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2002-09-16 06:33 PDT by Emanuel
Modified: 2016-01-05 08:31 PST (History)
7 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description Emanuel 2002-09-16 06:33:06 PDT
Mozilla supports digest authentication as a replacement for basic in HTTP/1.1.
Unfortunately, it doesn't support it completely as described in RFC2617, that
is, it doesn't implement integrity protection yet (qop=auth-int, includes a hash
of the body as well as the password/username to prevent the page transmitted
from being tempered with). 
It would really be useful if implemented, as I can't use SSL for performance
problems (embedded web server). I'm sure a lot of people would benefit from the
security increase it provides!
PS : The neon library (http://www.webdav.org/neon/) supports that all right, and
is free software as well!
Comment 1 Darin Fisher 2002-09-16 11:32:07 PDT
not sure when this'll get fixed... future for now.
Comment 2 basic 2004-05-13 20:53:38 PDT
any plans for this?
Comment 3 Darin Fisher 2004-05-13 22:34:56 PDT
hmm... helpwanted.
Comment 4 Darin Fisher 2006-06-21 16:08:35 PDT
-> default owner

Note You need to log in before you can comment on or make changes to this bug.