[Security_sig] Question 1 from the Paris F2F

Chris Wright chrisw at osdl.org
Tue Jun 14 15:06:09 PDT 2005


* Mary Edie Meredith (maryedie at osdl.org) wrote:
> A few Security type questions arose from the Face to Face 
> meetings.  I'd like to post them here so the answers will
> be public.
> 
> This is the first one.  Hopefully my notes will be clear:
> 
> 
> DCL attendees were under the impression that HTTP basic 
> authentication is becoming more and more unacceptable.

Under what circumstances?  HTTP basic auth is pretty weak because it
passes text in the clear.  But it can be coupled with SSL to eliminate
that weakness.  So any browser that does http and ssl will be fine (as
in any normal Linux browser).

> Users may have to move to the next higher level authentication.
> 
> People didn't know if Linux browsers support the higher levels.

I don't know what higher levels are.  Is this meant to be some kind of
directory lookup?  Need a better definition of the needs/requirements.

> So if http basic authentication becomes unacceptable, will 
> Linux be in trouble?

I guess it depends on the specific authentication solution.  My hunch is
no problem.

thanks,
-chris
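
The point made in the reply above, that Basic auth sends recoverable credentials unless it is coupled with SSL, shown as an added example that is not part of the original message. The user store, sample header and status-code choices are assumptions made for illustration.

```python
import base64
import hmac

# Constructed sample data (not from the original thread).
USERS = {"alice": "pa:ss"}
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:pa:ss").decode()


def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None.

    Basic credentials are only base64-encoded, so anyone who can read the
    header on the wire can run this same decode.
    """
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 alphabet/padding or invalid UTF-8
        return None
    # Split on the first ':' only: the password itself may contain colons.
    user, sep, password = text.partition(":")
    return (user, password) if sep else None


def check_request(scheme, header, users):
    """Return an HTTP status code for a request (hypothetical server check).

    scheme is "http" or "https" as seen by the server.
    """
    if scheme != "https":
        # Refuse before challenging, so the client is never asked to send
        # credentials over a cleartext connection.
        return 403
    if header is None:
        return 401  # challenge with WWW-Authenticate: Basic
    creds = parse_basic(header)
    if creds is None:
        return 400
    user, password = creds
    expected = users.get(user, "")
    # Constant-time comparison; unknown users fail the membership test.
    match = hmac.compare_digest(password.encode(), expected.encode())
    return 200 if (match and user in users) else 401
```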


