Re: No More Passwords In The Clear in HTTP!

Daniel W. Connolly (connolly@hal.com)
Tue, 10 Jan 1995 04:41:47 +0100

In message <199501100038.QAA02915@neon.mcom.com>, Jon E. Mittelhauser writes:
>
>This proposal utilizes RSA MD5 encryption. If you have this
>capability, why not go all the way to SSL (or SHTTP)? It would
>make much more sense.
>
>>
>> 2. Use a commercial browser that supports the security
>> options (SHTTP, SSL, kerberos...) supported by the services
>
>I don't see how this proposal fixes this problem. It requires MD5 which
>will require a license from RSA. How does this not fall into your class
>2 space? As long as I am in that space, I would much prefer a protocol
>which has been widely adopted by the financial community (e.g. SSL).

MD5 technology is very different from the patented public key encyption.
It's just a secure hash function. There are others -- SHS, MD4, etc.

Anyway... the md5 source code is all over the place. There's an md5
module in the Python distribution, so I'm pretty sure there are no
prohobitive licensing restrictions.

Dan