Cyrus--

You're right, but Henrik's point still stands. The existing implementation of Negotiate/NTLM is significantly different than the conventional HTTP authentication "per-message" model. It may be difficult (or undesirable) to roll this into RFC2616.

Eric Lawrence
Program Manager
Internet Explorer

-----Original Message-----
From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Cyrus Daboo
Sent: Thursday, May 31, 2007 2:16 PM
To: Henrik Nordstrom
Cc: Robert Sayre; Mark Nottingham; Larry Masinter; Eliot Lear; Julian Reschke; Paul Hoffman; Apps Discuss; ietf-http-wg@w3.org
Subject: Re: Straw-man charter for http-bis -- call for errata/clarifications to 2617

Hi Henrik,

--On May 31, 2007 8:57:28 PM +0200 Henrik Nordstrom <henrik@henriknordstrom.net> wrote:

>> (form-based, cookie-based etc). We then have separate documents for each
>> of the http-based schemes basic and digest - and we should add
>> Kerberos/SPNEGO to that too.
>
> Note: Both Kerberos & SPNEGO both break the foundations laid out by
> RFC2616 and 2617, tying authentication to connections and not messages.

Well there is already RFC4559 and some folks in the security area were working on tidying that up a bit more for a proposed standard.

--
Cyrus Daboo

Received on Thursday, 31 May 2007 21:30:20 GMT