W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2001

RE: I command you to support Digest!!!

From: Larry Masinter - LMM@acm.org <LMM@acm.org>
Date: Thu, 25 Oct 2001 08:20:24 -0700
To: "Jösh" <josh@bluescreen.org>, "Jim Whitehead" <ejw@cse.ucsc.edu>, <mtimmerm@opentext.com>, <w3c-dist-auth@w3.org>
Message-ID: <NDBBKEBDLFENBJCGFOIJAENOFMAA.lmnet@attglobal.net>
In any specification or standard, if you have two options
A or B that don't interoperate, you don't get an "interoperable"
standard if some people support A but not B, and other people
support B but not A.  The goal of standards is that there's
general interoperability.

So a server that only supports basic with SSL may be "secure
enough", but it's not "interoperable enough".

The standards group must choose a baseline that is both
"secure enough" and "interoperable enough". So far, the group
chose "must support Digest". If you change it to "must support
Digest OR basic+SSL" on the server side, then you're mandating
"must support Digest AND basic+SSL" on the client side.

This is nice for server implementors but maybe not as nice for
client implementors.
Received on Thursday, 25 October 2001 11:21:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:58 GMT