Security

RFC1244 (July 1991, Site Security Handbook) surveys a range of issues that remain paramount concerns for a groupware developer/administrator who straddles the intranet/Internet boundary. RFC1281 (November 1991, Guidelines for the Secure Operation of the Internet), which covers some of the same ground, stresses that “users are individually accountable for their own behavior” and “have a responsibility to employ available security mechanisms and procedures for protecting their own data.”

RFC2069 (January 1997, An Extension to HTTP: Digest Access Authentication) defines a mechanism like Windows NT’s Challenge/Response protocol. This mechanism enables an HTTP client to authenticate to a server using encrypted rather than cleartext credentials. Although implemented in some web servers, it has never been supported in mainstream browsers.

RFC2617 (June 1999, HTTP Authentication: Basic and Digest Authentication) describes the original HTTP basic authentication scheme and updates RFC2069’s description of digest authentication.
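The two schemes side by side, as an added example that is not code from the book or from the RFCs: Basic sends the password base64-encoded, while the RFC2069 form of digest sends MD5(HA1:nonce:HA2), a hash bound to a server-issued nonce. The user name, realm, password, URI and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user, password):
    """Basic: credentials are only base64-encoded, not protected."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def decode_basic(header):
    """Anyone who sees a Basic header recovers user:password directly."""
    return base64.b64decode(header.split(" ", 1)[1]).decode()


def new_challenge(realm):
    """Server side: a fresh random nonce per challenge limits replay."""
    return {"realm": realm, "nonce": secrets.token_hex(16)}


def digest_response(user, password, realm, nonce, method, uri):
    """Client side, RFC2069 request-digest: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def server_verify(stored_ha1, challenge, method, uri, response):
    """Server keeps HA1 rather than the password and recomputes the digest."""
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored_ha1}:{challenge['nonce']}:{ha2}")
    return hmac.compare_digest(expected, response)  # constant-time compare


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    user, pw, uri = "alice", "s3cret", "/docs/"
    ch = new_challenge("groupware@example.test")
    ha1 = md5_hex(f"{user}:{ch['realm']}:{pw}")
    resp = digest_response(user, pw, ch["realm"], ch["nonce"], "GET", uri)
    print("Basic reveals:", decode_basic(basic_header(user, pw)))
    print("Digest sends :", resp)
    print("Verified     :", server_verify(ha1, ch, "GET", uri, resp))
    print("Replayed     :", server_verify(ha1, new_challenge(ch["realm"]), "GET", uri, resp))
```

A captured digest response fails against any later nonce, but the stored HA1 value is itself password-equivalent for that realm and needs the same protection as a password file.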

Say the authors of RFC2246 (January 1999, The TLS Protocol Version 1.0):

This document and the TLS protocol itself are based on the SSL 3.0 Protocol Specification as published by Netscape. The differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate (although TLS 1.0 does incorporate a mechanism by which a TLS implementation can back down to SSL 3.0).

For more information on Transport ...
