
Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Wed, 13 Jun 2007 00:56:07 +0200
To: Adrien de Croy <adrien@qbik.com>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-Id: <1181688967.5224.58.camel@henriknordstrom.net>
On Wed, 2007-06-13 at 10:16 +1200, Adrien de Croy wrote:

> I've never seen an instance of Digest auth.

I have set up several servers using Digest auth. There really isn't any
reason not to use Digest over Basic if you have a local password file
anyway.

Yes, some browsers are a bit broken, but most servers know how to work
around them.

Yes, due to the brokenness not all the security features of Digest can
be used (strict replay protection), but it's heaps better than Basic
even without them.


Using TLS is often overkill, and requires much more administration to
get a certificate issued, installed etc.

Regards
Henrik

Received on Tuesday, 12 June 2007 22:56:30 GMT
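
An added illustration, not part of the original message or thread, of the comparison made above: what a Basic header exposes versus an RFC 2617 Digest response, and what the strict replay check (nonce-count tracking) adds when it can be enabled. The sample values are the ones from RFC 2617 section 3.5; `DigestVerifier` and its `strict_replay` switch are hypothetical names for this sketch, and only `qop=auth` with MD5 is covered.

```python
import base64
import hashlib
import hmac

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def basic_header(user: str, password: str) -> str:
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def password_from_basic(header: str) -> str:
    # Basic is only base64: whoever sees the header has the password.
    return base64.b64decode(header.split(" ", 1)[1]).decode().split(":", 1)[1]

def ha1(user: str, realm: str, password: str) -> str:
    # H(A1) is what the server's local password file can store for Digest.
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 request-digest for qop=auth with the MD5 algorithm.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

class DigestVerifier:  # hypothetical server-side check, for illustration
    def __init__(self, ha1_by_user, strict_replay=True):
        self.ha1_by_user = ha1_by_user
        self.strict_replay = strict_replay
        self.last_nc = {}  # nonce -> highest nonce-count accepted so far

    def verify(self, user, method, uri, nonce, nc, cnonce, response) -> bool:
        stored = self.ha1_by_user.get(user)
        if stored is None:
            return False
        expected = digest_response(stored, method, uri, nonce, nc, cnonce)
        if not hmac.compare_digest(expected, response):
            return False
        if self.strict_replay:
            count = int(nc, 16)
            if count <= self.last_nc.get(nonce, 0):
                return False  # same or older nc on this nonce: replayed request
            self.last_nc[nonce] = count
        return True

# Sample values from RFC 2617 section 3.5.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE, CNONCE, NC = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "0a4f113b", "00000001"
RESPONSE = digest_response(ha1(USER, REALM, PASSWORD), "GET", "/dir/index.html", NONCE, NC, CNONCE)
```

With `strict_replay=False` the verifier accepts the same header again for the same method and URI, but the header still does not carry the password itself and does not validate for a different URI.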
