W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: Security Requirements for HTTP, draft -00

From: Henrik Nordström <henrik@henriknordstrom.net>
Date: Tue, 05 Feb 2008 13:42:45 +0100
To: Adrien de Croy <adrien@qbik.com>
Cc: "'HTTP Working Group'" <ietf-http-wg@w3.org>
Message-Id: <1202215365.17924.1.camel@hlaptop>

tis 2008-01-29 klockan 12:18 +1300 skrev Adrien de Croy:

> fundamental design/structure and how it has evolved.  HTTP was initially
> designed to connect, make request, get result and disconnect.  This
> doesn't have room in it for a challenge response auth scheme until you
> move to persistent connections.

Sure it does. Digest is an example of that. Just means that the
authentication session needs to be at the protocol message layer and not
transport connection.

Regards
Henrik

Received on Tuesday, 5 February 2008 12:44:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:36 GMT