- From: Michael Smith <ms@gf.org>
- Date: Wed, 28 Aug 96 09:22 EDT
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Larry Masinter <masinter@parc.xerox.com> wrote: >Servers can choose not to accept or request basic authentication. [....] >I think we're deluding ourselves if we think we can require "MUST >implement"; "MUST implement" doesn't belong in a protocol >specification: "MUST send", or "MUST reply" does. With respect, this distinction seems a little labored. As I see it, Basic authentication is badly flawed from the point of view of the _function_ it is supposed to support. Protocols exist, and are specified, for practical, functional reasons, not exercises in abstract logic, and it seems clear to me that for HTTP to achieve the purposes for which it is designed in a satisfactory way, we have to get away from Basic authentication. So I strongly favor the MUST. --Michael Smith ms@gf.org
Received on Wednesday, 28 August 1996 07:12:21 UTC