- From: Nico Williams <nico@cryptonector.com>
- Date: Thu, 31 Oct 2013 09:51:02 -0500
- To: Julian Reschke <julian.reschke@greenbytes.de>
- Cc: Stephen Kent <kent@bbn.com>, secdir <secdir@ietf.org>, fielding@gbiv.com, mnot@pobox.com, Barry Leiba <barryleiba@computer.org>, Pete Resnick <presnick@qti.qualcomm.com>, "Mankin, Allison" <amankin@verisign.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Oct 31, 2013 at 02:54:45PM +0100, Julian Reschke wrote: > On 2013-10-29 20:35, Stephen Kent wrote: > >... > > > OK. Maybe: > > "HTTP does not restrict applications to this simple > challenge-response framework. Additional mechanisms can be used, > such as additional header fields carrying authentication > information, or encryption on the transport layer in order to > provide confidentiality. However, such additional mechanisms are not > defined by this specification." Or even -as pretty much all web authentication is done- *above* HTTP. Nico --
Received on Thursday, 31 October 2013 14:51:33 UTC