W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Re: HTTP/1.1 + Digest

From: Larry Masinter <masinter@parc.xerox.com>
Date: Tue, 27 Aug 1996 17:40:21 PDT
To: hallam@vesuvius.ai.mit.edu
Cc: dwm@shell.portal.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, hallam@vesuvius.ai.mit.edu
Message-Id: <96Aug27.174021pdt."2733"@golden.parc.xerox.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/1493
Servers can choose not to accept or request basic authentication. As
has been pointed out in many cases, Basic authentication is as safe as
Digest if used in conjunction with some other one-time password system
(SKey, SecurID, etc.).

I think we're deluding ourselves if we think we can require "MUST
implement"; "MUST implement" doesn't belong in a protocol
specification: "MUST send", or "MUST reply" does.

Received on Tuesday, 27 August 1996 17:43:25 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:18 UTC