From: michael shiplett <michael.shiplett@umich.edu>
Date: Wed, 21 Sep 94 07:38:45 PDT
To: paul@hawksbill.sprintmrn.com
Subject: HTTP authentication efforts
Message-ID: <199409211438.KAA19749@totalrecall.rs.itd.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain


"pf" == Paul Ferguson <paul@hawksbill.sprintmrn.com> writes:

pf> Does anyone know, on the off-chance, who is currently working on
pf> HTTP authentication processes for web browsing and Mosiac?

pf> Pointers appreciated.

    There is a www-security mailing list based at Rutgers
(majordomo@nsmx.rutgers.edu; list name of www-security). From the
introductory majordomo message:

    This list is intended for the discussion of World Wide Web
    security proposals, enhancements and issues.

    Ben Fried of Columbia posted to www-security some NCSA
httpd/xmosaic patches to allow Kerberos 4 authentication. The
University of Michigan is using these patches (with some bug fixes fed
back to Ben) and a similarly patched lynx browser for authenticated
web connections.

    I haven't looked at the code to know whether the network traffic
is encrypted or not.

michael