Again, from your point of view, of course you are securing the channel, so the data travel protected.
;) jonathan Stephen R Laniel wrote:
On Sun, Jul 31, 2005 at 07:36:16PM +0200, jonathan gonzalez wrote:SSL/TLS is the socket/transport layer security and auth digest is a challenge-response process usig no-clear text credentials. How? The most of the web explorers can pass credentials from forms to the server either in clear text or hashed (MD5), and my propose was do it hashed.But if everything's already encrypted with SSL, then it doesn't matter if the credentials go over the wire in the clear, right? They go over as cleartext, but cleartext embedded in an encrypted stream. If they go over hashed as MD5, that's encrypted MD5 atop encrypted SSL -- redundant encryption. No?
Attachment:
signature.asc
Description: OpenPGP digital signature