Re: v11-03 COMMENT: (following) 19.1 Authentication of Clients

From: <hallam@etna.ai.mit.edu>
Date: Fri, 24 May 96 15:19:55 -0400
Message-Id: <9605241919.AA04361@Etna.ai.mit.edu>
To: Dave Kristol <dmk@allegra.att.com>
Cc: hallam@etna.ai.mit.edu, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

Further to Dave's comments, it's important to realize that the design of
digest was constrained by the limitations imposed by needing to act as
a direct replacement for BASIC. The goal was to produce the strongest 
authentication scheme which was compatible.

If servers cannot offer a choice between an obsolete scheme and a 
replacement the Web can never evolve because the installed base will
always represent 100% of browsers and servers the day a new proposal is
launched. This is the same for authentication schemes, content types
and whatever.

A user may compromise her credentials by allowing them to be used with
BASIC. That is why I believe that many servers will choose not to offer
BASIC in the long term. There *MUST* be an upgrade strategy for the 
administrators of such servers; they cannot simply require every user to
re-register on the same day.

This is all obvious stuff and I suggest that we stop discussing it and try to 
work on the caching section of the draft.

		Phill
Received on Friday, 24 May 1996 12:18:28 EDT
