[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Traffic Logging Suggestion

> Or better yet, should there be a new international policy that all
> websites/ISPs should impose SSL? What would the effects be on traffic
> loads if this were to take place?

It would have the effect of making the web uncacheable by standard web
proxies.  Which would be a pity.

I think the point here is that ``HTTP basic'' (RFC 2617) authentication
over plain HTTP is hopelessly insecure.  As to ``HTTP digest'', my
feeling is that it can be implemented wrongly, and I'm not sure it can
be implemented to be secure.

I think the solution would be to make sure that your web browser never
uses HTTP authentication without also using SSL.  If anyone wrote a
firefox extension to make sure of that, he'd be doing us a favour.