Re: Straw-man charter for http-bis -- call for errata/clarifications to 2617

tor 2007-05-31 klockan 17:16 -0400 skrev Cyrus Daboo:

> Well there is already RFC4559 and some folks in the security area were 
> working on tidying that up a bit more for a proposed standard.

Sure, but it doesn't make it follow the HTTP specs any better.

It's not very visible when reading the rfc until one gets to the
security considerations section, or alternatively study how the "scheme"
actually operates on the wire.

NTLM and Negotiate is not HTTP authentication schemes, it's something
completely different masqueraded to look like HTTP authentication at a
first glance, but with far going implications on the HTTP message,
transport and security models.

Regards
Henrik

Received on Thursday, 31 May 2007 21:35:41 UTC