Re: WGLC #348: Realms and scope

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 4 Jun 2012 11:28:09 -0700
Message-ID: <CABkgnnXwddXQh_FhekcwbcK5M8U0ba8YMa+qxzRx=HGc8hhc1Q@mail.gmail.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>
Cc: Mark Nottingham <mnot@mnot.net>, Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
On 3 June 2012 22:16, Manger, James H <James.H.Manger@team.telstra.com> wrote:
> Could we mention the best mitigation strategy (using a phishing-resistant authentication scheme that does not expose the client credentials in the protocol), instead of the strategy of restricting access to the "Authorization" value (which makes it hard to deploy better authentication schemes that need access to this header).

That would be great, if one existed.  Can you provide a citation for
an example? ;)
Received on Monday, 4 June 2012 18:28:39 GMT
