- From: Phillip Hallam-Baker <hallam@ai.mit.edu>
- Date: Mon, 22 Oct 2001 20:28:56 -0400
- To: "'Dylan Barrell'" <dbarrell@opentext.com>, "'WebDAV'" <w3c-dist-auth@w3.org>, "'Lisa Dusseault'" <lisa@xythos.com>

The policy makes very good sense. Sending passwords in the clear is one of the major causes of compromised passwords. If a password is compromised it is likely that the effect will compromise applications beyond just WebDav because many users share passwords across applications.

The excuses given for not supporting digest were unconvincing. You have an application that is not HTTP 1.1 compliant, so fix the thing.

WebDav is not going to proceed to standards status in any standards group I have influence in if BASIC is the only mandatory to implement authentication scheme. In the IETF it will be subject to Jeff Schiller's veto on the IESG. In the W3C I will point the director to the IESG policy and the reason for which it was made. I don't think that you are going to persuade the W3C director to second guess the IETF on the issue.

Phill

> -----Original Message-----
> From: Dylan Barrell [mailto:dbarrell@opentext.com]
> Sent: Monday, October 22, 2001 9:28 AM
> To: Phillip Hallam-Baker; 'WebDAV'; 'Lisa Dusseault'
> Subject: RE: Digest Authentication
>
> So we have to stick to policy even when there are indisputable reasons why it doesn't make sense?
>
> This doesn't seem like a very sensible thing to do.
>
> --Dylan

Received on Monday, 22 October 2001 20:31:54 UTC