W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Re: [moore@cs.utk.edu: http digest auth + http 1.1?]

From: <hallam@ai.mit.edu>
Date: Mon, 26 Aug 96 13:50:13 -0400
Message-Id: <9608261750.AA20494@etna.ai.mit.edu>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Cc: hallam@ai.mit.edu

>Larry Masinter:
>>
>>It is my belief that it is the intent of the working group that digest
>>authentication be part of HTTP/1.1. 
>>
>>If you disagree, would you please let me know ASAP?

This was what it was originally proposed as.

The original idea was that DIGEST would be the preferred method
and that BASIC be *VERY* strongly depreciated. That is why so
much effort was made into making a scheme that was 100% plug
compatible with BASIC. If the idea was to produce the best
possible digest authentication scheme we would have made a very
different proposal.

About the only use for BASIC at present is in conjunction with 
SSL where it might possibly be preferable to DIGEST but not by 
much.

I like Dave Kristol's proposal that suport for BASIC in 1.1
implies support for DIGEST.


My understanding was that we were hoping to have DIGEST docked
and that only the adminstrivia issues would argue to not dock. 
If the IESG are willing for docking to take place and any such 
moves can be coordinated between the RFC edditor and the HTTP
editor then fair enough.


	Phill
Received on Monday, 26 August 1996 10:48:27 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:08 EDT