Resolving Digest authentication issue from Jason Crawford on 2001-11-06 (w3c-dist-auth@w3.org from October to December 2001)

So we agree that Larry's option (b) is what we prefer to go with and that Jim Whitehead's proposal, which multiple people have supported, falls in category (b).

The remaining question seems to be whether we will include any language about a secure network. The text was...

Basic MUST NOT be used unless the connection is secure. Secure is defined to be TLS over the Internet, a physically secure network, or a network behind a well-administered firewall.

Client requirements: MUST support Basic, SSL/TLS support is STRONGLY RECOMMENDED

Server requirements: SHOULD support Basic, SSL/TLS support is STRONGLY RECOMMENDED

Instead perhaps we can say something like the following...

Basic MUST NOT be used unless the connection is secure. The recommended method for securing a connection is TLS.

Client requirements: MUST support Basic, SSL/TLS support is STRONGLY RECOMMENDED

Server requirements: SHOULD support Basic, SSL/TLS support is STRONGLY RECOMMENDED

J.


Phone: 914-784-7569, ccjason@us.ibm.com

Received on Tuesday, 6 November 2001 13:18:17 UTC