Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8) from Robert Sayre on 2006-11-04 (ietf-http-wg@w3.org from October to December 2006)

From: Robert Sayre <sayrer@gmail.com>
Date: Sat, 4 Nov 2006 15:53:11 -0500
To: "David Morris" <dwm@xpasc.com>
Cc: ietf-http-wg@w3.org
Message-ID: <68fba5c50611041253tc5b32bejc92d2613c1b7cb62@mail.gmail.com>

On 11/4/06, David Morris <dwm@xpasc.com> wrote:
>
> But in the end it doesn't matter,

I don't think that's an assumption that can be made, if we are to
envision a world where people actually use HTTP authentication instead
of cookies and forms. For instance, servers may wish to redirect
HTTP/1.1 clients.

-- 

Robert Sayre

Received on Saturday, 4 November 2006 20:53:20 UTC