- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Tue, 27 Aug 1996 17:40:21 PDT
- To: hallam@vesuvius.ai.mit.edu
- Cc: dwm@shell.portal.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, hallam@vesuvius.ai.mit.edu
Servers can choose not to accept or request basic authentication. As has been pointed out in many cases, Basic authentication is as safe as Digest if used in conjunction with some other one-time password system (SKey, SecurID, etc.). I think we're deluding ourselves if we think we can require "MUST implement"; "MUST implement" doesn't belong in a protocol specification: "MUST send", or "MUST reply" does. Larry
Received on Tuesday, 27 August 1996 17:43:25 UTC