RE: Resolving Digest authentication issue

So we agree that Larry's option (b) is what we prefer to go with and that
Jim Whitehead's proposal, which multiple people have supported, falls in
category (b).

The remaining question seems to be whether we will include any language
about a secure network. The text was...

  Basic MUST NOT be used unless the connection is secure. Secure is defined
  to be TLS over the Internet, a physically secure network, or a network
  behind a well-administered firewall.

  Client requirements: MUST support Basic, SSL/TLS support is STRONGLY
  RECOMMENDED
  Server requirements: SHOULD support Basic, SSL/TLS support is STRONGLY
  RECOMMENDED

Instead perhaps we can say something *like* the following...

  Basic MUST NOT be used unless the connection is secure.  The recommended
  method for securing a connection is TLS.

  Client requirements: MUST support Basic, SSL/TLS support is STRONGLY
  RECOMMENDED
  Server requirements: SHOULD support Basic, SSL/TLS support is STRONGLY
  RECOMMENDED

J.


------------------------------------------
Phone: 914-784-7569,   ccjason@us.ibm.com

Received on Tuesday, 6 November 2001 13:18:17 UTC