
Re: Straw-man charter for http-bis

From: Keith Moore <moore@cs.utk.edu>
Date: Mon, 11 Jun 2007 03:16:07 -0400
Message-ID: <466CF6B7.6010104@cs.utk.edu>
To: Henrik Nordstrom <henrik@henriknordstrom.net>
CC: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>


> Web authors considering look & feel much more important than security,
> and not willing to ask for the ability to have both as forms + cookies
> accomplishes their goal of getting the look & feel they want?
>   
It's not immediately clear to me that forms+cookies+TLS, when
well-implemented, are worse than digest.  Of course, there are lots of
potential pitfalls there.
> Digest being different than the other authentication mechanisms, and
> therefore a bit of a pain to integrate into existing systems, requiring
> a different password store or alternatively access to plaintext? 
I suspect that the tendency to want to share authentication databases
between HTTP and other applications puts any HTTP-specific mechanism at
a disadvantage.

Keith
Received on Monday, 11 June 2007 07:16:56 GMT
