Re: [moore@cs.utk.edu: http digest auth + http 1.1?]

Larry Masinter:
>
>It is my belief that it is the intent of the working group that digest
>authentication be part of HTTP/1.1. 
>
>If you disagree, would you please let me know ASAP?

[...]

>Is it the intention of the working group that the support for the
>digest authentication method should be included as part of http 1.1?
>
>(that is, should compliance with the http 1.1 spec require support for 
>the digest authentication method?)

I feel that digest authentication is a `may support' feature, not a
`must support' feature for HTTP/1.x applications.  I feel that
compliance with 1.1 must _not_ require support for digest
authentication: support for various authentication methods has always
been optional in HTTP.  If support were required, this would greatly
increase the requirements on a minimal 1.1 application, which is a bad
thing.

I have no opinion on whether it is preferable to merge the digest
authentication draft into the main 1.1 draft.  As far as I am
concerned, this decision can be left to the RFC editor.

Koen.

Received on Monday, 26 August 1996 06:23:39 UTC