- From: Keith Moore <moore@cs.utk.edu>
- Date: Mon, 11 Jun 2007 03:16:07 -0400
- To: Henrik Nordstrom <henrik@henriknordstrom.net>
- CC: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
> Web authors considering look & feel much more important than security,
> and not willing to ask for the ability to have both as forms + cookies
> accomplishes their goal of getting the look & feel they want?

it's not immediately clear to me that forms+cookies+TLS, when well-implemented, are worse than digest. of course, there are lots of potential pitfalls there.

> Digest being different than the other authentication mechanisms, and
> therefore a bit of a pain to integrate into existing systems, requiring
> a different password store or alternatively access to plaintext?

I suspect that the tendency to want to share authentication databases between HTTP and other applications puts any HTTP-specific mechanism at a disadvantage.

Keith
Received on Monday, 11 June 2007 07:16:56 UTC
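The password-store point raised in this message, as an added example that is not part of the original e-mail: a salted, one-way shared store can verify a password submitted through a form, while Digest (RFC 2617) needs its own realm-bound `MD5(user:realm:password)` verifier that can only be computed from the plaintext. The function names and the choice of PBKDF2 for the shared store are assumptions; the challenge values are the sample exchange from RFC 2617.

```python
import hashlib
import hmac
import os

def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

# --- Digest side (RFC 2617, qop=auth) ---
def digest_ha1(user, realm, password):
    """Digest-specific verifier; computable only from the plaintext password."""
    return _md5(f"{user}:{realm}:{password}")

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def verify_digest(stored_ha1, client_response, **challenge):
    expected = digest_response(stored_ha1, **challenge)
    return hmac.compare_digest(expected, client_response)

# --- Shared-store side (assumed: salted PBKDF2 record used by several services) ---
PBKDF2_ITERATIONS = 100_000  # constructed value for the example

def enroll_shared(password, salt=None):
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, key

def verify_form_login(record, submitted_password):
    """Form login (over TLS) hands the server the password, so any one-way store works."""
    salt, stored = record
    key = hashlib.pbkdf2_hmac("sha256", submitted_password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(key, stored)

# Sample exchange from RFC 2617
RFC_USER, RFC_REALM, RFC_PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
RFC_CHALLENGE = dict(method="GET", uri="/dir/index.html",
                     nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                     nc="00000001", cnonce="0a4f113b")

if __name__ == "__main__":
    shared = enroll_shared(RFC_PASSWORD)
    print("form login against shared store:", verify_form_login(shared, RFC_PASSWORD))
    # Nothing in `shared` yields HA1; it has to be stored separately at enrollment.
    ha1 = digest_ha1(RFC_USER, RFC_REALM, RFC_PASSWORD)
    client = digest_response(ha1, **RFC_CHALLENGE)
    print("digest against HA1 store:", verify_digest(ha1, client, **RFC_CHALLENGE))
    other = digest_ha1(RFC_USER, "other-realm", RFC_PASSWORD)
    print("same password, other realm:", verify_digest(other, client, **RFC_CHALLENGE))
```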