On Thu, Nov 01, 2001 at 05:52:37PM -0800, Jim Whitehead wrote:
> * Basic MUST NOT be used unless the connection is secure. Secure is defined
> to be TLS over the Internet, a physically secure network, or a network
> behind a well-administered firewall.
>
> Client requirements: MUST support Basic, SSL/TLS support is STRONGLY
> RECOMMENDED
> Server requirements: SHOULD support Basic, SSL/TLS support is STRONGLY
> RECOMMENDED
>
> * Digest SHOULD be used when the connection is insecure, such as a non-TLS
> connection over the Internet.
>
> Client requirements: MUST support Digest
> Server requirements: SHOULD support Digest, but it is acceptable for Digest
> authentication to be disabled by default. It SHOULD be possible for an
> administrator to configure a server to use Digest.
>
> * Additional authentication schemes beyond Basic and Digest MAY be
> supported, whether or not described in an IETF specification. Implementors
> should be aware that use of other authentication schemes guarantees some
> level of non-interoperation of that authentication scheme, since all WebDAV
> clients and servers cannot be expected to support that authentication
> scheme.
>
> * Finally, to guarantee some level of authentication will be possible: a
> server MUST at minimum support either Basic OR Digest. A server SHOULD
> support Basic AND Digest.

...

> Comments?
>
> - Jim

Sounds good to me.

Alan

Received on Thursday, 1 November 2001 21:53:46 GMT
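
The rules proposed in this thread, written as server-side checks. This is an added example, not code from the thread or from any WebDAV implementation; the function names, transport labels, realm and sample credentials are assumptions constructed for illustration.

```python
import base64
import secrets

# The three situations the proposal calls "secure" (labels are constructed).
SECURE = {"tls", "physically-secure-network", "firewalled-network"}

# Constructed sample header: Basic credentials are only base64, not encrypted.
SAMPLE_BASIC = "Basic " + base64.b64encode(b"alice:constructed-pw").decode()

def validate_server_config(basic, digest):
    """A server MUST support Basic or Digest, and SHOULD support both."""
    if not (basic or digest):
        raise ValueError("server MUST support Basic or Digest")
    return "ok" if basic and digest else "warn: SHOULD support both Basic and Digest"

def offered_challenges(transport, basic=True, digest=True, realm="dav"):
    """WWW-Authenticate values to send with a 401 on this connection."""
    out = []
    if digest:
        nonce = secrets.token_hex(16)  # fresh, unpredictable nonce per challenge
        out.append(f'Digest realm="{realm}", qop="auth", nonce="{nonce}"')
    if basic and transport in SECURE:  # Basic MUST NOT be used on an insecure link
        out.append(f'Basic realm="{realm}"')
    return out

def evaluate_request(authorization, transport):
    """Classify an incoming Authorization header against the proposed policy."""
    scheme, _, param = authorization.strip().partition(" ")
    scheme = scheme.lower()
    if scheme == "digest":
        return ("accept-for-verification", None)
    if scheme != "basic":
        return ("reject", f"unsupported scheme {scheme!r}")
    if transport in SECURE:
        return ("accept-for-verification", None)
    try:
        # Decoding needs no key, so the password was readable on the wire.
        user = base64.b64decode(param, validate=True).decode("utf-8", "replace").partition(":")[0]
    except ValueError:
        return ("reject", "malformed Basic credentials")
    return ("reject", f"Basic over insecure transport; password for {user!r} was exposed")
```

A server configured with Basic only has nothing it can offer on an insecure connection, which is why `offered_challenges("plain-internet", digest=False)` returns an empty list.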