RE: Digest Authentication Challenge Ordering from Paul Leach on 1998-08-07 (ietf-http-wg@w3.org from July to September 1998)

From: Paul Leach <paulle@microsoft.com>
Date: Fri, 7 Aug 1998 00:57:14 -0700
To: "'http-wg@hplb.hpl.hp.com'" <http-wg@hplb.hpl.hp.com>
Message-Id: <CB6657D3A5E0D111A97700805FFE65875D742A@red-msg-51.dns.microsoft.com>

I propose that the user-agent MUST choose the strongest auth-scheme it
understands. This permits the server to put Basic first for old browsers (if
it finds Basic acceptably secure). The order really doesn't matter, since
the server is only supposed to offer minimally acceptable schemes.

Received on Friday, 7 August 1998 00:59:07 UTC