Re: CGI and REMOTE_USER (Rob McCool)
Message-id: <>
From: (Rob McCool)
Date: Tue, 25 Jan 1994 18:39:06 -0600
In-Reply-To: "M. Strata Rose" <strata@fenchurch.MIT.EDU>
       "Re: CGI and REMOTE_USER" (Jan 25,  7:33pm)
X-Mailer: Mail User's Shell (7.2.5 10/14/92)
To: strata@fenchurch.MIT.EDU
Subject: Re: CGI and REMOTE_USER
Cc: George Phillips <>,
Content-Length: 1035
 * Re: CGI and REMOTE_USER  by "M. Strata Rose"
 *    written on Jan 25,  7:33pm.
 * WRT REMOTE_IDENT, I want to put in a request that the variable be able
 * to hold standard PGP or RSA key signatures.  We almost certainly need to
 * define additional variables to do authentication and decryption with, but
 * I thought I would just get the ball rolling a little.
httpd 1.1 puts the name which is associated with the user's key in
REMOTE_USER not in REMOTE_IDENT. REMOTE_IDENT is *not* to be trusted under
any circumstances for anything other than simple logging.
 * Who out there is already working on "authenticated" Mosaic, ie an http 
 * server which knows to serve encrypted pages to only a select set of users 
 * whose clients will know to decrypt them for display & interpretation?

I already did it. httpd 1.1 and the upcoming Mosaic 2.2 have support for an
experimental PGP or PEM based encryption/decryption protocol. Read about it
at if you're interested.