- From: Dave Kristol <dmk@bell-labs.com>
- Date: Fri, 07 Aug 1998 10:12:24 -0400
- To: Paul Leach <paulle@microsoft.com>
- Cc: "'http-wg@hplb.hpl.hp.com'" <http-wg@hplb.hpl.hp.com>
Paul Leach wrote: > > I propose that the user-agent MUST choose the strongest auth-scheme it > understands. This permits the server to put Basic first for old browsers (if > it finds Basic acceptably secure). The order really doesn't matter, since > the server is only supposed to offer minimally acceptable schemes. I concur. But the specifications for various authenticate schemes also must rank them by strength relative to the others. (Yes, of course it's easy when we have just two, and their relative strengths are obvious.) Dave Kristol
Received on Friday, 7 August 1998 07:15:13 UTC