Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

On 11/4/06, David Morris <> wrote:
> But in the end it doesn't matter,

I don't think that's an assumption that can be made, if we are to
envision a world where people actually use HTTP authentication instead
of cookies and forms. For instance, servers may wish to redirect
HTTP/1.1 clients.


Robert Sayre

Received on Saturday, 4 November 2006 20:53:20 UTC