- From: Larry Masinter - LMM@acm.org <lmnet@attglobal.net>
- Date: Thu, 25 Oct 2001 08:20:24 -0700
- To: "Jösh" <josh@bluescreen.org>, "Jim Whitehead" <ejw@cse.ucsc.edu>, <mtimmerm@opentext.com>, <w3c-dist-auth@w3.org>
In any specification or standard, if you have two options A or B that don't interoperate, you don't get an "interoperable" standard if some people support A but not B, and other people support B but not A. The goal of standards is that there's general interoperability. So a server that only supports basic with SSL may be "secure enough", but it's not "interoperable enough". The standards group must choose a baseline that is both "secure enough" and "interoperable enough". So far, the group chose "must support Digest". If you change it to "must support Digest OR basic+SSL" on the server side, then you're mandating "must support Digest AND basic+SSL" on the client side. This is nice for server implementors but maybe not as nice for client implementors.
Received on Thursday, 25 October 2001 11:21:32 UTC