RE: I command you to support Digest!!!

> -----Original Message-----
> From: Larry Masinter
> [...]
> The standards group must choose a baseline that is both
> "secure enough" and "interoperable enough". So far, the group
> chose "must support Digest". If you change it to "must support
> Digest OR basic+SSL" on the server side, then you're mandating
> "must support Digest AND basic+SSL" on the client side.
>
> This is nice for server implementors but maybe not as nice for
> client implementors.

You wouldn't want to tell clients that they have to respond to any
particular scheme, because a client might be used in a more restrictive
environment.

It is no trouble at all, however, to require _clients_ to support (really
support!) Digest if they support Basic, because there are no _client-side_
security parameters that Basic meets, but Digest doesn't.

Received on Thursday, 25 October 2001 12:32:43 UTC
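
An added example, not part of the original message or of any implementation discussed in the thread: it shows that the username and password a client already holds for Basic are the only secrets it needs to answer a Digest challenge, and that the Digest header does not carry the password. It assumes RFC 2617 Digest with MD5 and qop=auth; the function names are hypothetical and the sample values are the ones used as examples in RFC 2617.

```python
import base64
import hashlib
import re

# Constructed sample input: the example challenge from RFC 2617.
RFC_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                 'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def basic_header(user, password):
    # Basic sends the password itself, only base64-encoded (reversible).
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_challenge(value):
    # Split a WWW-Authenticate value into lower-cased parameter names.
    scheme, _, params = value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {name.lower(): quoted or bare for name, quoted, bare in pairs}

def digest_response(user, password, method, uri, chal, cnonce, nc=1):
    # Refuse anything this example does not implement rather than guess.
    if chal.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("unsupported algorithm")
    if "auth" not in [q.strip() for q in chal.get("qop", "").split(",")]:
        raise ValueError("server did not offer qop=auth")
    ha1 = md5_hex(f"{user}:{chal['realm']}:{password}")  # same inputs as Basic
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{chal['nonce']}:{nc:08x}:{cnonce}:auth:{ha2}")

def digest_header(user, password, method, uri, challenge, cnonce, nc=1):
    # cnonce must be fresh and random in real use; it is a parameter here
    # only so the RFC sample values can be reproduced.
    chal = parse_challenge(challenge)
    resp = digest_response(user, password, method, uri, chal, cnonce, nc)
    fields = [f'username="{user}"', f'realm="{chal["realm"]}"',
              f'nonce="{chal["nonce"]}"', f'uri="{uri}"', "qop=auth",
              f"nc={nc:08x}", f'cnonce="{cnonce}"', f'response="{resp}"']
    if "opaque" in chal:
        fields.append(f'opaque="{chal["opaque"]}"')
    return "Digest " + ", ".join(fields)

if __name__ == "__main__":
    print(basic_header("Mufasa", "Circle Of Life"))
    print(digest_header("Mufasa", "Circle Of Life", "GET",
                        "/dir/index.html", RFC_CHALLENGE, "0a4f113b"))
```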