
Re: IETF documents - action item from TAG meeting.

From: Robert Sayre <sayrer@gmail.com>
Date: Wed, 5 Apr 2006 17:02:22 -0400
Message-ID: <68fba5c50604051402g5d9c26aeuc9a818c76d4e5aa0@mail.gmail.com>
To: www-tag@w3.org
Cc: ed.rice@hp.com

Mark Nottingham wrote:
>On 2006/04/03, at 1:55 PM, Rice, Ed (ProCurve) wrote:
>> SASL in HTTP/1.1
>> <http://www.ietf.org/internet-drafts/draft-nystrom-http-sasl-12.txt>
> As I understand it (the document is very complex), this effectively
> ties the authentication session to the HTTP connection, which breaks
> the layering of HTTP and introduces a big security hole;

I haven't read the SASL in HTTP document, but there's already been a
lot of integration and security trouble caused by Microsoft NTLM
authentication, which is also tied to the HTTP connection.


Regarding HMAC Digest, there's a new version coming soon. A more
stable URI to track the document is available from ISOC:


Coincidentally, Amazon's S3 Web storage service recently deployed a
proprietary authentication scheme that's very similar to HMAC Digest:



Robert Sayre
Received on Wednesday, 5 April 2006 21:02:48 UTC
