[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: WebDAV

From: Robin Green
Subject: Re: [Gnu-arch-users] Re: WebDAV
Date: Fri, 9 Apr 2004 21:36:22 +0100
User-agent: Mutt/1.5.4i

On Fri, Apr 09, 2004 at 03:51:35PM -0400, Colin Walters wrote:
> > Hmm, sounds like it might actually be more secure than HTTPS in practice
> > for this purpose, because the password can't be stolen even by a man
> > in the middle, and nor can a man in the middle interfere with a request.
> Not true.  See:
> Section 4.8 and further.

It seems if you demand only digest authentication and use cnonce you're fairly
safe against all those attacks. Not plausible for ordinary users using a web
browser, but perfectly plausible for tla users.

Not "failsafe" though.

Attachment: pgpwvO5HjLQF5.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]