Re: User authentication

Martin Hamilton (martin@mrrl.lut.ac.uk)
Mon, 29 May 1995 06:38:08 +0500


Kee Hinckley writes:

| I'm confused. Are you advocating a central registry of all browser owners,
| where the browser checks that registry, asks me to match the password, and
| then lets me send mail? I think a public key system would be simpler,
| safer and more private.

Only centralised in a local sense :-)

e.g. students in a public access lab being required to supply a valid
user name and password to a local "authentication server" before the
browser will allow them to send mail or post news. The authenticated
user name would be stamped on any messages they sent, say as an X-
header

At the moment it's ridiculously easy for casual WWW users to forge
messages. This is just a quick hack which would make it a bit more
difficult. Perhaps too difficult for the majority. Sure, public key
would be nice too, but more effort is involved!

Martin