- From: Jason Crawford <ccjason@us.ibm.com>
- Date: Tue, 6 Nov 2001 12:59:04 -0500
- To: w3c-dist-auth@w3.org
So we agree that Larry's option (b) is what we prefer to go with and that Jim Whitehead's proposal, which multiple people have supported, falls in category (b). The remaining question seems to be whether we will include any language about a secure network. The text was... Basic MUST NOT be used unless the connection is secure. Secure is defined to be TLS over the Internet, a physically secure network, or a network behind a well-administered firewall. Client requirements: MUST support Basic, SSL/TLS support is STRONGLY RECOMMENDED Server requirements: SHOULD support Basic, SSL/TLS support is STRONGLY RECOMMENDED Instead perhaps we can say something *like* the following... Basic MUST NOT be used unless the connection is secure. The recommended method for securing a connection is TLS. Client requirements: MUST support Basic, SSL/TLS support is STRONGLY RECOMMENDED Server requirements: SHOULD support Basic, SSL/TLS support is STRONGLY RECOMMENDED J. ------------------------------------------ Phone: 914-784-7569, ccjason@us.ibm.com
Received on Tuesday, 6 November 2001 13:18:17 UTC