The Apache site has the MD5 digest module, but the notes at the apache.org site date from a long time ago. I presume that once this module is compiled in, the browsers that do permit it need the configuration switched for the session and this keeps the username:passwd traffic hashed during the Internet transit to the server where that particular acl entry is enabled and the AuthType is changed from Basic to Digest. In IE, there seems to be a limit to SSL2, SSL3, PCT. In Navigator3, there is no feature other than SSL2 and SSL3. In Communicator, there appears to be a bucket for adding in Cryptographic modules, but I haven't combed the Netscape site to see if an MD5 is available. For most of the non-technical endusers, the personal certificate is too big a hurdle, but a loadable module in communicator to speak through MD5 is something that the helpdesk/desktop-support people could put in as they configure new laptops, etc. Also in the http-wg discussions, there seems to be no consistency in setting up the WWW-Authenticate ordering...at least as recently as December98. Mark Bergstrom ______________________________________________________________________________ UNIX TEAM -- The Internet never sleeps and neither do we - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
