Larry Masinter <masinter@parc.xerox.com> wrote: >Servers can choose not to accept or request basic authentication. [....] >I think we're deluding ourselves if we think we can require "MUST >implement"; "MUST implement" doesn't belong in a protocol >specification: "MUST send", or "MUST reply" does. With respect, this distinction seems a little labored. As I see it, Basic authentication is badly flawed from the point of view of the _function_ it is supposed to support. Protocols exist, and are specified, for practical, functional reasons, not exercises in abstract logic, and it seems clear to me that for HTTP to achieve the purposes for which it is designed in a satisfactory way, we have to get away from Basic authentication. So I strongly favor the MUST. --Michael Smith ms@gf.orgReceived on Wednesday, 28 August 1996 07:12:21 EDT
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:08 EDT