HTTP/1.1 + Digest

From: John Franks <john@math.nwu.edu>
Date: Mon, 26 Aug 1996 08:55:02 -0500 (CDT)
To: Dave Kristol <dmk@allegra.att.com>
Cc: koen@win.tue.nl, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.SUN.3.91.960826085101.5134A-100000@hopf.math.nwu.edu>

On Mon, 26 Aug 1996, Dave Kristol wrote:

> koen@win.tue.nl (Koen Holtman) wrote:
>   > I feel that digest authentication is a `may support' feature, not a
>   > `must support' feature for HTTP/1.x applications.  I feel that
>   > compliance with 1.1 must _not_ require support for digest
>   > authentication: support for various authentication methods has always
>   > been optional in HTTP.  If support were required, this would greatly
>   > increase the requirements on a minimal 1.1 application, which is a bad
>   > thing.
> 
> I would like to see it be mandatory.  Here's why.
> 
> 1) We would like Digest to supersede Basic.
> 
> 2) As long as there's uncertainty that Digest is widely supported by
> browsers, servers will of necessity ask for authentication by either.
> (That's assuming they support Digest themselves.)
> 
> 3) If servers can ask for both kinds of authentication, there's no
> incentive for browser vendors to support Digest.  So (I believe) they
> won't.
> 
> So here's a proposal:  if an HTTP/1.1 agent (client or server) supports
> Basic, it must also support Digest.  Authentication support remains
> optional, but it's all or none.
> 


I strongly agree with Dave.  I think his arguments are very sound.
I would clarify one point, though.  It should be possible to support
Digest and not support Basic.  But I like the requirement that
if Basic is supported then Digest must be also.  I think Koen's 
concerns about minimal implementations are met by the possibility of 
supporting neither.


John Franks 	Dept of Math. Northwestern University
		john@math.nwu.edu
Received on Monday, 26 August 1996 06:57:49 EDT