- From: Eric Lawrence <ericlaw@exchange.microsoft.com>
- Date: Thu, 31 May 2007 14:28:26 -0700
- To: Cyrus Daboo <cyrus@daboo.name>, Henrik Nordstrom <henrik@henriknordstrom.net>
- CC: Robert Sayre <sayrer@gmail.com>, Mark Nottingham <mnot@mnot.net>, Larry Masinter <LMM@acm.org>, Eliot Lear <lear@cisco.com>, Julian Reschke <julian.reschke@gmx.de>, Paul Hoffman <phoffman@imc.org>, Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Cyrus-- You're right, but Henrik's point still stands. The existing implementation of Negotiate/NTLM is significantly different than the conventional HTTP authentication "per-message" model. It may be difficult (or undesirable) to roll this into RFC2616. Eric Lawrence Program Manager Internet Explorer -----Original Message----- From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Cyrus Daboo Sent: Thursday, May 31, 2007 2:16 PM To: Henrik Nordstrom Cc: Robert Sayre; Mark Nottingham; Larry Masinter; Eliot Lear; Julian Reschke; Paul Hoffman; Apps Discuss; ietf-http-wg@w3.org Subject: Re: Straw-man charter for http-bis -- call for errata/clarifications to 2617 Hi Henrik, --On May 31, 2007 8:57:28 PM +0200 Henrik Nordstrom <henrik@henriknordstrom.net> wrote: >> (form-based, cookie-based etc). We then have separate documents for each >> of the http-based schemes basic and digest - and we should add >> Kerberos/SPNEGO to that too. > > Note: Both Kerberos & SPNEGO both break the foundations laid out by > RFC2616 and 2617, tying authentication to connections and not messages. Well there is already RFC4559 and some folks in the security area were working on tidying that up a bit more for a proposed standard. -- Cyrus Daboo
Received on Thursday, 31 May 2007 21:30:20 UTC