If you could suggest specific wording changes, e.g., for draft-ietf-http-v10-spec-04.txt section 12.1:

> 12.1 Authentication of Clients
>
> As mentioned in Section 11.1, the Basic authentication scheme is
> not a secure method of user authentication, nor does it prevent the
> Entity-Body from being transmitted in clear text across the
> physical network used as the carrier. HTTP/1.0 does not prevent
> additional authentication schemes and encryption mechanisms from
> being employed to increase security.

that would be very useful. I do think that this is an issue that needs resolution before HTTP/1.0 goes out the door.

Basic authentication does not actually imply that plaintext passwords are being used; the password can be one-time, e.g., with a securID.

For what it's worth, I'm not sure:

> HTTP/1.0 does not prevent
> additional authentication schemes and encryption mechanisms from
> being employed to increase security.

carries a lot of meaning to the uninitiated.

Received on Friday, 26 January 1996 14:37:15 UTC