W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Re: HTTP/1.1 + Digest

From: Larry Masinter <masinter@parc.xerox.com>
Date: Tue, 27 Aug 1996 17:40:21 PDT
To: hallam@vesuvius.ai.mit.edu
Cc: dwm@shell.portal.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, hallam@vesuvius.ai.mit.edu
Message-Id: <96Aug27.174021pdt."2733"@golden.parc.xerox.com> 
Servers can choose not to accept or request basic authentication. As
has been pointed out in many cases, Basic authentication is as safe as
Digest if used in conjunction with some other one-time password system
(SKey, SecurID, etc.).

I think we're deluding ourselves if we think we can require "MUST
implement"; "MUST implement" doesn't belong in a protocol
specification: "MUST send", or "MUST reply" does.

Larry
Received on Tuesday, 27 August 1996 17:43:25 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:08 EDT