[dtl_security_gap] [Security_sig] Question 1 from the Paris F2F

Bastian, Waldo waldo.bastian at intel.com
Wed Jun 15 04:45:14 PDT 2005


http digest authentication is supported in all major Linux browsers. If
you really care about security you will be using https instead of http
though, in which case the differences between the two are less relevant.

An area that could possibly use improvement is the support of
client-side certificates. In that case authentication happens as part of
the https session negotiation.

See e.g.
http://www.derkeiler.com/Newsgroups/comp.security.misc/2002-04/0341.html
and
http://www.dartmouth.edu/~pkilab/pages/More_Using_Web_Res.html

Cheers,
Waldo

>-----Original Message-----
>From: security_sig-bounces at lists.osdl.org [mailto:security_sig-
>bounces at lists.osdl.org] On Behalf Of Mary Edie Meredith
>Sent: 14 June 2005 23:31
>To: Security SIG
>Subject: [dtl_security_gap] [Security_sig] Question 1 from the Paris F2F
>
>A few Security type questions arose from the Face to Face
>meetings.  I'd like to post them here so the answers will
>be public.
>
>This is the first one.  Hopefully my notes will be clear:
>
>
>DCL attendees were under the impression that Http basic
>authentication is becoming more and more unacceptable.
>
>Users may have to move to the next higher level authentication.
>
>People didn't know if Linux browsers support the higher levels.
>
>So if http basic authentication becomes unacceptable, will
>Linux be in trouble?
>
>--
>Mary Edie Meredith
>maryedie at osdl.org
>503-906-1942
>Data Center Linux Initiative Manager
>Open Source Development Labs




