
Re: Digest Authentication Challenge Ordering

From: Dave Kristol <dmk@bell-labs.com>
Date: Fri, 07 Aug 1998 10:12:24 -0400
Message-Id: <35CB0B48.7761@bell-labs.com>
To: Paul Leach <paulle@microsoft.com>
Cc: "'http-wg@hplb.hpl.hp.com'" <http-wg@hplb.hpl.hp.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/314

Paul Leach wrote:
> I propose that the user-agent MUST choose the strongest auth-scheme it
> understands. This permits the server to put Basic first for old browsers (if
> it finds Basic acceptably secure). The order really doesn't matter, since
> the server is only supposed to offer minimally acceptable schemes.

I concur.  But the specifications for various authenticate schemes also
must rank them by strength relative to the others.  (Yes, of course it's
easy when we have just two, and their relative strengths are obvious.)

Dave Kristol
Received on Friday, 7 August 1998 07:15:13 UTC
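
The selection rule proposed in this thread, as an added example that is not part of the original messages: a client collects every challenge from the `WWW-Authenticate` headers and picks the strongest scheme it understands, whatever order the server listed them in. The numeric ranking in `STRENGTH`, the function names and the sample header values are assumptions constructed for illustration.

```python
import re

# Assumed client-side ranking (higher is stronger); illustrative only.
STRENGTH = {"digest": 2, "basic": 1}

TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
# auth-param: token "=" (token | quoted-string); quoted strings may hold commas.
PARAM = re.compile("(" + TOKEN + r')\s*=\s*("(?:[^"\\]|\\.)*"|[^\s,]*)')
SCHEME = re.compile(TOKEN)

def parse_challenges(header_values):
    """Split WWW-Authenticate values into a list of (scheme, params) pairs."""
    out = []
    for value in header_values:
        pos, current = 0, None
        while pos < len(value):
            if value[pos] in ", \t":          # separators between items
                pos += 1
                continue
            m = PARAM.match(value, pos)
            if m and current is not None:     # parameter of the open challenge
                raw = m.group(2)
                if raw.startswith('"'):       # strip quotes, undo \-escapes
                    raw = re.sub(r"\\(.)", r"\1", raw[1:-1])
                current[1][m.group(1).lower()] = raw
            else:                             # bare token starts a new challenge
                m = SCHEME.match(value, pos)
                if not m:
                    raise ValueError("malformed challenge at offset %d" % pos)
                current = (m.group(0).lower(), {})
                out.append(current)
            pos = m.end()
    return out

def choose_scheme(header_values, strength=STRENGTH):
    """Return the strongest understood challenge, ignoring the order offered."""
    understood = [c for c in parse_challenges(header_values) if c[0] in strength]
    if not understood:
        return None                           # nothing this client can answer
    return max(understood, key=lambda c: strength[c[0]])

# Constructed sample: Basic listed first for old browsers, as in the proposal.
SAMPLE = ['Basic realm="staff"',
          'Digest realm="staff", nonce="dcd98b7102dd", qop="auth"']

if __name__ == "__main__":
    print(choose_scheme(SAMPLE))
```

Because the choice depends only on the ranking, a server that lists Basic first gets the same result as one that lists Digest first; schemes the client does not know are skipped rather than treated as an error.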
