RE: Security Requirements for HTTP, draft -00 from Paul Leach on 2008-01-28 (ietf-http-wg@w3.org from January to March 2008)

From: Paul Leach <paulle@windows.microsoft.com>
Date: Mon, 28 Jan 2008 14:08:41 -0800
To: Paul Hoffman <paul.hoffman@vpnc.org>, Stephane Bortzmeyer <bortzmeyer@nic.fr>
CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <920B8B05FB49A04699188E04302FE87D592CDBE36F@NA-EXMSG-W602.wingroup.windeploy.ntd>

-----Original Message-----
From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Paul Hoffman
Sent: Monday, January 28, 2008 1:46 PM
To: Stephane Bortzmeyer
Cc: ietf-http-wg@w3.org
Subject: Re: Security Requirements for HTTP, draft -00

>My personal impression is that it is either forms+people or
>nonforms+nonpeople and the rest is marginal.

Fully agree.
[Paul Leach] On the public internet, I agree as well. Within Intranets, a significant proportion of people-auth uses NTLM and/or Kerberos via the Negotiate auth scheme.

Received on Monday, 28 January 2008 22:09:03 UTC