
Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

From: <lists@ingostruck.de>
Date: Fri, 8 Jun 2007 09:34:04 +0000
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Cc: Julian Reschke <julian.reschke@gmx.de>, Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-Id: <200706080934.06204.lists@ingostruck.de>

On Friday 08 June 2007 08:10, Stephane Bortzmeyer wrote:
> On Thu, Jun 07, 2007 at 06:18:13PM +0200,
>  Julian Reschke <julian.reschke@gmx.de> wrote
>
>  a message of 14 lines which said:
> > In the wild, most authentication isn't using RFC2617 anyway.
>
> Any data here? IMHO, this assertion is not true, unless you limit to
> big e-commerce Web sites. For instance, HTTP-based Web services use
> 2617. Also, 2617 is typically the simplest way for a small and rapidly
> setup Web site, even if it does not have the visibility of Amazon.
Apart from that there is an application where rfc2617
imho currently is the only widely usable auth scheme:
restricted proxies.
If you want to have a semi-public proxy that needs auth,
anything else but using rfc2617 Proxy-Authentication
is a pain. If you do not want plaintext credentials, rfc2617 digest
currently remains the only working option (at least for me, but admittedly
this doesn't say anything about "widespread-use").

Kind regards

Ingo Struck
Received on Friday, 8 June 2007 08:23:16 GMT
