W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Re: [moore@cs.utk.edu: http digest auth + http 1.1?]

From: <jg@zorch.w3.org>
Date: Mon, 26 Aug 96 17:36:18 -0400
Message-Id: <9608262136.AA29232@zorch.w3.org>
To: Dave Kristol <dmk@allegra.att.com>
Cc: koen@win.tue.nl, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/1470

I agree with Dave Krystol's position: if a client supports
authentication at all, it MUST support Digest.  This means that only
those supporting authentication must do work, keeping the simplest
web clients simple.

We have to get passwords in the clear out of use in the Web; naive people
tend to put their regular passwords into password fields, not understanding
the lack of security.
				- Jim
Received on Monday, 26 August 1996 14:43:42 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:18 UTC