- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 5 Apr 2021 18:39:17 +0200
- To: ietf-http-wg@w3.org
"...The Basic authentication scheme [RFC7617] MUST NOT be used unless the underlying transport is authenticated, integrity-protected and confidential (e.g., as provided the "HTTPS" URI scheme, or another using TLS). ..." This actually modifies a SHOULD-level requirement from RFC 7617 -- is that really the right thing to do here? Best regards, Julian
Received on Monday, 5 April 2021 16:39:31 UTC