- From: <hallam@w3.org>
- Date: Tue, 27 Feb 96 15:38:16 -0500
- To: Larry Masinter <masinter@parc.xerox.com>
- Cc: john@math.nwu.edu, paulle@microsoft.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, hallam@w3.org
Hi, I will have a look at the wording again tommorow and attempt to set right Alan's points. We have had Ran Carnetti look over the proposal. He suggested adding in a reciprocal authentication option so that the server could identify itself to the client. i can also find out if Phil rogaway is willing to give it a read through. Mihir Belhaire also comes to mind. these are the specialists in the field. We now have at least two interoperable implementations. We have the Spyglass one and the Common Lisp Web Server by John Mallory. the latter has been shipping for 6 months with almost every LISP implementations sold. As far as the criticisms Alan makes there are some which cannot be solved unless we forget about the idea of being a direct replac ement for BASIC. If BASIC did not exist I would insist we use Digest and the WRAPPED method together for security. As it is I know that such a demand would put back adoption for several years and probably mean that BASIC is still in widespread use in ten years time. it is always going to be harder to do wrapped methods than plain ones and I doubt that every PERL hack will support it. Phill
Received on Tuesday, 27 February 1996 12:40:52 UTC