- From: Jim Whitehead <ejw@cse.ucsc.edu>
- Date: Tue, 16 Oct 2001 17:44:21 -0700
- To: "WebDAV" <w3c-dist-auth@w3.org>
Alan Kent writes: > Bottom line is that I think that WebDAV does not need to specify > a security scheme - it can just say to use normal HTTP security > methods. It seems like an orthogonal issue to WebDAV to me. The diversity of WebDAV deployment scenarios was one of the key drivers behind RFC 2518 *not* mandating the *use* of a particular authentication mechanism. RFC 2518 merely states that implementations MUST implement Digest, not that they must use it. But, I believe Dylan is saying that the requirement to implement Digest is causing his server to store passwords in the clear, and hence implementing Digest (even if it isn't used) is causing him problems. - Jim
Received on Tuesday, 16 October 2001 20:48:08 UTC