W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Re: HTTP/1.1 + Digest

From: Michael Smith <ms@gf.org>
Date: Wed, 28 Aug 96 09:22 EDT
Message-Id: <m0uvkZY-000TYpC@www.gf.org>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/1504
Larry Masinter <masinter@parc.xerox.com> wrote:
>Servers can choose not to accept or request basic authentication. 
>I think we're deluding ourselves if we think we can require "MUST
>implement"; "MUST implement" doesn't belong in a protocol
>specification: "MUST send", or "MUST reply" does.

With respect, this distinction seems a little labored. As I see it, 
Basic authentication is badly flawed from the point of view of the 
_function_ it is supposed to support. Protocols exist, and are specified, 
for practical, functional reasons, not exercises in abstract logic, and 
it seems clear to me that for HTTP to achieve the purposes for which it 
is designed in a satisfactory way, we have to get away from Basic 
authentication. So I strongly favor the MUST. 

--Michael Smith
Received on Wednesday, 28 August 1996 07:12:21 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:18 UTC