- From: Yves Lafon <ylafon@w3.org>
- Date: Fri, 8 Jun 2007 05:56:55 -0400 (EDT)
- To: Henrik Nordstrom <henrik@henriknordstrom.net>
- Cc: Justin Erenkrantz <justin@erenkrantz.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On Thu, 7 Jun 2007, Henrik Nordstrom wrote:
> tor 2007-06-07 klockan 10:57 -0700 skrev Justin Erenkrantz:
>
>> Right - the IETF can wave a magic wand here, but it won't help as
>> deploying new versions of the servers and the clients take years.
>
> My rough estimate for getting a secure HTTP authentication scheme widely
> deployed is about 15 years, assuming that it takes no more than 5 to get
> it to draft standard. This assuming no major revisions of HTTP is needed
> along the way in which case add another 5 to 10 years..
Many sites moved away from HTTP authentication, not so much because of the
technical aspects of basic or digest, but mostly because there was no good
UI in browser. Of course browsers are not the only consumers of HTTP, far
from that, but when defining a new authentication scheme, having a way to
present it nicely in browsers would be part of the adoption path.
Henrik's timeline is describing the positive outcome of creating a new
HTTP auth scheme.
--
Baroula que barouleras, au tiéu toujou t'entourneras.
~~Yves
Received on Friday, 8 June 2007 09:56:59 UTC