- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Mon, 4 Jun 2012 11:28:09 -0700
- To: "Manger, James H" <James.H.Manger@team.telstra.com>
- Cc: Mark Nottingham <mnot@mnot.net>, Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
On 3 June 2012 22:16, Manger, James H <James.H.Manger@team.telstra.com> wrote: > Could we mention the best mitigation strategy (using a phishing-resistant authentication scheme that does not expose the client credentials in the protocol), instead of the strategy of restricting access to the "Authorization" value (which makes it hard to deploy better authentication schemes that need access to this header). That would be great, if one existed. Can you provide a citation for an example? ;)
Received on Monday, 4 June 2012 18:28:39 UTC