- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 16 Aug 2010 16:40:19 +0200
- To: Anne van Kesteren <annevk@opera.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
On 16.08.2010 16:31, Anne van Kesteren wrote: > On Mon, 16 Aug 2010 16:24:23 +0200, Julian Reschke > <julian.reschke@gmx.de> wrote: >> FYI: >> >> This revision adds a discussion about why there's no parameter for the >> credentials (KISS), and a rewrite of the deployment considerations. > > If we do not want people to use Basic auth, should we really add new > features? 1) I have no problem with people doing Basic auth, as long as it happens over a secure connection, or the implications of not doing so are well understood. (*`) 2) This fixes an age-old interop problem, and does so with very limited cost. Best regards, Julian (*) If you believe that people shouldn't do Basic auth, how about lobbying both in the W3C and the IETF not to use Basic Auth for their own sites?
Received on Monday, 16 August 2010 14:40:55 UTC