Re: security requirements from Lisa Dusseault on 2006-11-04 (ietf-http-wg@w3.org from October to December 2006)

From: Lisa Dusseault <lisa@osafoundation.org>
Date: Sat, 4 Nov 2006 11:07:55 -0800
To: lists@ingostruck.de
Cc: "Robert Sayre" <sayrer@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-Id: <2014E0F6-7E9C-4B2E-B1CF-F2F459CB41BB@osafoundation.org>

On Oct 20, 2006, at 12:49 PM, Ingo Struck wrote:

> Imho one of the "bunch of new mechanisms" could be a re-written  
> clean-up
> of the existing ones (a well-done conforming rfc2617 Digest-auth MD5
> implementation can feature e.g. session-timeout, controlled log-off,
> one-shot nonces for requests with side-effects and the like).

Speaking personally:  +1.

Lisa

Received on Saturday, 4 November 2006 19:08:10 UTC