- From: <hallam@vesuvius.ai.mit.edu>
- Date: Tue, 27 Aug 96 20:27:04 -0400
- To: Larry Masinter <masinter@parc.xerox.com>
- Cc: dwm@shell.portal.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, hallam@vesuvius.ai.mit.edu
Larry> >Writing MUST instead of SHOULD in the specification is not any way to >force some vendor to either implement or not implement something. The >spec should say what makes sense, not what is politically >expedient. We should write "MUST" if non-compliance causes systems to >break. This is the case here. Sending passwords in the clear causes systems to be susceptible to security problems that they would not otherwise be vulnerable to. Having one's system hacked is a pretty extreeme form of having it break. Phill
Received on Tuesday, 27 August 1996 17:35:18 UTC