Re: [#177] Realm required on challenges from Robert Collins on 2009-07-07 (ietf-http-wg@w3.org from July to September 2009)

From: Robert Collins <robertc@robertcollins.net>
Date: Tue, 07 Jul 2009 10:47:30 +0000
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <1246963606.6472.41.camel@lifeless-64>

On Tue, 2009-07-07 at 17:42 +1000, Mark Nottingham wrote:
> 
> Not to argue a particular position WRT #177, but using NTLM is  
> probably a bad example, precisely because it does connection  
> authentication -- thereby breaking HTTP's assumption of statelessness.

Oh it surely is a pain. You don't want to know how ugly making NTLM work
through squid (to NTLM offering servers on the internet) was/is. Pretty
hard to imagine HTTP/SMTP w/NTLM too.

That said, it exists, and forcing it to add a empty realm would be
pointless IMO - let alone probably fraught and likely to break clients.

-Rob

Received on Tuesday, 7 July 2009 11:44:57 UTC