- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Wed, 6 Aug 1997 18:20:25 PDT
- To: David Jablon <dpj@world.std.com>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

Please stop. The specification does _not_ preclude other mechanisms for password authentication for HTTP. Many web sites use stronger mechanisms for security in HTTP, usually by using https with alternative methods of logging in. All we've done is set the minimum to be something that everyone can do, easily.

This is a topic that we addressed at length in the past. The topic is closed. There will be no further discussion in the HTTP working group of 'alternatives to digest authentication'. There *was* another working group on HTTP security, and they also closed.

If you want to start work on this topic, on raising the requirement for HTTP security to be a stronger authentication mechanism, I suggest you call for a BOF and try to get the interested implementor community to come.

If you wish to suggest some editorial change to the wording of the draft that goes beyond what is already there, then please make some specific suggestions; however, check your conspiracy theories at the door.

Thanks,

Larry (as chair, HTTP-WG)
--
http://www.parc.xerox.com/masinter

Received on Wednesday, 6 August 1997 18:21:46 UTC