W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

Re: Fwd: I-D Action:draft-reschke-basicauth-enc-01.txt

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 16 Aug 2010 16:40:19 +0200
Message-ID: <4C694DD3.30901@gmx.de>
To: Anne van Kesteren <annevk@opera.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
On 16.08.2010 16:31, Anne van Kesteren wrote:
> On Mon, 16 Aug 2010 16:24:23 +0200, Julian Reschke
> <julian.reschke@gmx.de> wrote:
>> FYI:
>>
>> This revision adds a discussion about why there's no parameter for the
>> credentials (KISS), and a rewrite of the deployment considerations.
>
> If we do not want people to use Basic auth, should we really add new
> features?

1) I have no problem with people doing Basic auth, as long as it happens 
over a secure connection, or the implications of not doing so are well 
understood. (*`)

2) This fixes an age-old interop problem, and does so with very limited 
cost.


Best regards, Julian

(*) If you believe that people shouldn't do Basic auth, how about 
lobbying both in the W3C and the IETF not to use Basic Auth for their 
own sites?
Received on Monday, 16 August 2010 14:40:55 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:24 GMT