RE: I command you to support Digest!!!

From: Matt Timmermans <mtimmerm@opentext.com>
Date: Thu, 25 Oct 2001 12:31:16 -0400
To: "'Larry Masinter - LMM@acm.org'" <lmnet@attglobal.net>, "'Jösh'" <josh@bluescreen.org>, "'Jim Whitehead'" <ejw@cse.ucsc.edu>, <w3c-dist-auth@w3.org>
Message-ID: <000701c15d72$787ac050$d482a8c0@mt2k>

> -----Original Message-----
> From: Larry Masinter
> [...]
> The standards group must choose a baseline that is both
> "secure enough" and "interoperable enough". So far, the group
> chose "must support Digest". If you change it to "must support
> Digest OR basic+SSL" on the server side, then you're mandating
> "must support Digest AND basic+SSL" on the client side.
>
> This is nice for server implementors but maybe not as nice for
> client implementors.

You wouldn't want to tell clients that they have to respond to any
particular scheme, because a client might be used in a more restrictive
environment.

It is no trouble at all, however, to require _clients_ to support (really
support!) Digest if they support Basic, because there are no _client-side_
security parameters that Basic meets, but Digest doesn't.

Received on Thursday, 25 October 2001 12:32:43 GMT
