- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 30 Jun 2011 09:17:24 +0200
- To: Mark Nottingham <mnot@mnot.net>
- CC: Adrien de Croy <adrien@qbik.com>, httpbis Group <ietf-http-wg@w3.org>
On 2011-06-30 03:02, Mark Nottingham wrote: > > On 30/06/2011, at 10:52 AM, Adrien de Croy wrote: > >> >> How does auth fit in with this, esp any challenge-response based authentication or connection-oriented auth. > > I think it's well-established that "connection-oriented" authentication is fundamentally incompatible with HTTP, and shouldn't be attempted. Yes, NTLM does it, and that causes *significant* problems in all of the implementations I'm aware of. > ... And it's good that we now have spec text we can people point to when the question comes up (for instance, when looking at draft-ietf-httpbis-authscheme-registrations). Best regards, Julian
Received on Thursday, 30 June 2011 07:17:54 UTC