- From: <jg@zorch.w3.org>
- Date: Mon, 26 Aug 96 17:36:18 -0400
- To: Dave Kristol <dmk@allegra.att.com>
- Cc: koen@win.tue.nl, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
I agree with Dave Krystol's position: if a client supports authentication at all, it MUST support Digest. This means that only those supporting authentication must do work, keeping the simplest web clients simple. We have to get passwords in the clear out of use in the Web; naive people tend to put their regular passwords into password fields, not understanding the lack of security. - Jim
Received on Monday, 26 August 1996 14:43:42 UTC