Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

On Friday 08 June 2007 08:10, Stephane Bortzmeyer wrote:
> On Thu, Jun 07, 2007 at 06:18:13PM +0200,
>  Julian Reschke <julian.reschke@gmx.de> wrote
>
>  a message of 14 lines which said:
> > In the wild, most authentication isn't using RFC2617 anyway.
>
> Any data here? IMHO, this assertion is not true, unless you limit to
> big e-commerce Web sites. For instance, HTTP-based Web services use
> 2617. Also, 2617 is typically the simplest way for a small and rapidly
> setup Web site, even if it does not have the visibility of Amazon.
Apart from that there is an applications where rfc2617
imho currently is the only widely usable auth scheme:
restricted proxies.
If you want to have a semi-public proxy that needs auth,
anything else but using rfc2617 Proxy-Authentication
is a pain. If you do not want plaintext credentials, rfc2617 digest
currently remains the only working option (at least for me, but admittedly
this doesn't say anything about "widespread-use").

Kind regards

Ingo Struck

Received on Friday, 8 June 2007 08:23:16 UTC