[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Traffic Logging Suggestion
> Or better yet, should there be a new international policy that all
> websites/ISPs should impose SSL? What would the effects be on traffic
> loads if this were to take place?
It would have the effect of making the web uncacheable by standard web
proxies. Which would be a pity.
I think the point here is that ``HTTP basic'' (RFC 2617) authentication
over plain HTTP is hopelessly insecure. As to ``HTTP digest'', my
feeling is that it can be implemented wrongly, and I'm not sure it can
be implemented to be secure.
I think the solution would be to make sure that your web browser never
uses HTTP authentication without also using SSL. If anyone wrote a
firefox extension to make sure of that, he'd be doing us a favour.