On 07.07.2009 12:47, Robert Collins wrote: > On Tue, 2009-07-07 at 17:42 +1000, Mark Nottingham wrote: >> >> Not to argue a particular position WRT #177, but using NTLM is >> probably a bad example, precisely because it does connection >> authentication -- thereby breaking HTTP's assumption of statelessness. > > Oh it surely is a pain. You don't want to know how ugly making NTLM work > through squid (to NTLM offering servers on the internet) was/is. Pretty > hard to imagine HTTP/SMTP w/NTLM too. > > That said, it exists, and forcing it to add a empty realm would be > pointless IMO - let alone probably fraught and likely to break clients. So maybe we should be pragmatic and say: - the realm is defined for all authentication protocols - SHOULD be provided in the challenge - if not provided, header should be treated as if an empty realm was specified ? Best regards, JulianReceived on Tuesday, 14 September 2010 16:59:39 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:23 UTC