W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: security requirements

From: Lisa Dusseault <lisa@osafoundation.org>
Date: Sat, 4 Nov 2006 11:07:55 -0800
Message-Id: <2014E0F6-7E9C-4B2E-B1CF-F2F459CB41BB@osafoundation.org>
Cc: "Robert Sayre" <sayrer@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
To: lists@ingostruck.de

On Oct 20, 2006, at 12:49 PM, Ingo Struck wrote:

> Imho one of the "bunch of new mechanisms" could be a re-written  
> clean-up
> of the existing ones (a well-done conforming rfc2617 Digest-auth MD5
> implementation can feature e.g. session-timeout, controlled log-off,
> one-shot nonces for requests with side-effects and the like).

Speaking personally:  +1.

Lisa
Received on Saturday, 4 November 2006 19:08:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:53 GMT