[Security_sig] Question 1 from the Paris F2F

Mary Edie Meredith maryedie at osdl.org
Tue Jun 14 15:10:39 PDT 2005


On Tue, 2005-06-14 at 15:06 -0700, Chris Wright wrote:
> * Mary Edie Meredith (maryedie at osdl.org) wrote:
> > A few Security type questions arose from the Face to Face 
> > meetings.  I'd like to post them here so the answers will
> > be public.
> > 
> > This is the first one.  Hopefully my notes will be clear:
> > 
> > 
> > DCL attendees were under the impression that Http basic 
> > authentication is becoming more and more unacceptable.
> 
> Under what circumstances?  HTTP basic auth is pretty weak because it
> passes text in the clear.  But it can be coupled with SSL to eliminate
> that weakness.  So any browser that does http and ssl will be fine (as
> in any normal Linux browser).

I'll get more clarification and return...
> 
> > Users may have to move to the next higher level authentication.
> > 
> > People didn't know if Linux browsers support the higher levels.
> 
> I don't know what higher levels are.  Is this meant to be some kind of
> directory lookup?  Need a better definition of the needs/requirements.
> 
> > So if http basic authentication becomes unacceptable, will 
> > Linux be in trouble?
> 
> I guess it depends on the specific authentication solution.  My hunch is
> no problem.
> 
> thanks,
> -chris
-- 
Mary Edie Meredith 
maryedie at osdl.org
503-906-1942
Data Center Linux Initiative Manager
Open Source Development Labs




More information about the security_sig mailing list