- From: <hallam@etna.ai.mit.edu>
- Date: Fri, 24 May 96 15:19:55 -0400
- To: Dave Kristol <dmk@allegra.att.com>
- Cc: hallam@etna.ai.mit.edu, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Further to Dave's comments, it's important to realize that the design of digest was constrained by the limitations imposed by needing to act as a direct replacement for BASIC. The goal was to produce the strongest authentication scheme which was compatible.

If servers cannot offer a choice between an obsolete scheme and a replacement the Web can never evolve because the installed base will always represent 100% of browsers and servers the day a new proposal is launched. This is the same for authentication schemes, content types and whatever.

A user may compromise her credentials by allowing them to be used with BASIC. That is why I believe that many servers will choose not to offer BASIC in the long term. There *MUST* be an upgrade strategy for the administrators of such servers; they cannot simply require every user to re-register on the same day.

This is all obvious stuff and I suggest that we stop discussing it and try to work on the caching section of the draft.

Phill
Received on Friday, 24 May 1996 12:18:28 UTC