W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Re: HTTP/1.1 + Digest

From: Michael Smith <ms@gf.org>
Date: Wed, 28 Aug 96 09:22 EDT
Message-Id: <m0uvkZY-000TYpC@www.gf.org>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Larry Masinter <masinter@parc.xerox.com> wrote:
>Servers can choose not to accept or request basic authentication. 
[....]
>I think we're deluding ourselves if we think we can require "MUST
>implement"; "MUST implement" doesn't belong in a protocol
>specification: "MUST send", or "MUST reply" does.

With respect, this distinction seems a little labored. As I see it, 
Basic authentication is badly flawed from the point of view of the 
_function_ it is supposed to support. Protocols exist, and are specified, 
for practical, functional reasons, not exercises in abstract logic, and 
it seems clear to me that for HTTP to achieve the purposes for which it 
is designed in a satisfactory way, we have to get away from Basic 
authentication. So I strongly favor the MUST. 

--Michael Smith
  ms@gf.org
Received on Wednesday, 28 August 1996 07:12:21 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:08 EDT