
Re: HTTP/1.1 + Digest

From: <hallam@vesuvius.ai.mit.edu>
Date: Tue, 27 Aug 96 20:27:04 -0400
Message-Id: <9608280027.AA01242@vesuvius.ai.mit.edu>
To: Larry Masinter <masinter@parc.xerox.com>
Cc: dwm@shell.portal.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, hallam@vesuvius.ai.mit.edu
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/1492


>Writing MUST instead of SHOULD in the specification is not any way to
>force some vendor to either implement or not implement something. The
>spec should say what makes sense, not what is politically
>expedient. We should write "MUST" if non-compliance causes systems to

This is the case here. Sending passwords in the clear causes systems
to be susceptible to security problems that they would not otherwise
be vulnerable to.

Having one's system hacked is a pretty extreme form of having it break.

Received on Tuesday, 27 August 1996 17:35:18 UTC
