
RE: Resolving Digest authentication issue

From: Jason Crawford <ccjason@us.ibm.com>
Date: Tue, 6 Nov 2001 12:59:04 -0500
To: w3c-dist-auth@w3.org
Message-ID: <OF97B736AA.9DB724F0-ON85256AFC.00614518@pok.ibm.com>

So we agree that Larry's option (b) is what we prefer to go with and that
Jim Whitehead's proposal, which multiple people have supported, falls in
category (b).

The remaining question seems to be whether we will include any language
about a secure network.   The text was...

  Basic MUST NOT be used unless the connection is secure. Secure is defined
  to be TLS over the Internet, a physically secure network, or a network
  behind a well-administered firewall.

  Client requirements: MUST support Basic, SSL/TLS support is STRONGLY
  RECOMMENDED
  Server requirements: SHOULD support Basic, SSL/TLS support is STRONGLY
  RECOMMENDED

Instead perhaps we can say something *like* the following...

  Basic MUST NOT be used unless the connection is secure.  The recommended
  method for securing a connection is TLS.

  Client requirements: MUST support Basic, SSL/TLS support is STRONGLY
  RECOMMENDED
  Server requirements: SHOULD support Basic, SSL/TLS support is STRONGLY
  RECOMMENDED

J.


------------------------------------------
Phone: 914-784-7569,   ccjason@us.ibm.com
Received on Tuesday, 6 November 2001 13:18:17 GMT
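
Added example, not part of the original message or of any WebDAV implementation: one way a server could enforce "Basic MUST NOT be used unless the connection is secure", written as Python WSGI middleware. The realm, the user table and the helper names are assumptions made for the illustration, and it assumes TLS terminates at this server so that `wsgi.url_scheme` reflects the real transport.

```python
import base64
import binascii
import hmac

REALM = "dav"                       # assumed realm name
USERS = {"alice": "correct horse"}  # constructed demo credentials


def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def tls_only_basic(app):
    """WSGI middleware: offer and accept Basic only on requests that arrived over TLS."""
    def middleware(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            # Cleartext: send no Basic challenge, so a client is never prompted
            # to put a password on the wire, and ignore any credentials sent.
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Basic authentication requires TLS\n"]
        creds = parse_basic(environ.get("HTTP_AUTHORIZATION"))
        expected = USERS.get(creds[0]) if creds else None
        if expected is not None and hmac.compare_digest(expected.encode(), creds[1].encode()):
            environ["REMOTE_USER"] = creds[0]
            return app(environ, start_response)
        start_response("401 Unauthorized", [("WWW-Authenticate", 'Basic realm="%s"' % REALM)])
        return [b""]
    return middleware


def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello " + environ["REMOTE_USER"]).encode()]


def respond(scheme, authorization=None):
    """Drive the middleware with a constructed request; return (status, headers)."""
    seen = {}
    environ = {"wsgi.url_scheme": scheme}
    if authorization:
        environ["HTTP_AUTHORIZATION"] = authorization
    def start_response(status, headers):
        seen.update(status=status, headers=dict(headers))
    b"".join(tls_only_basic(demo_app)(environ, start_response))
    return seen["status"], seen["headers"]
```

A password that arrives over cleartext has already been exposed on the network, so a deployment would also want to log that event and treat the credential as needing rotation.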
