Re: [moore@cs.utk.edu: http digest auth + http 1.1?]
hallam@ai.mit.edu
Mon, 26 Aug 96 13:50:13 -0400
>Larry Masinter:
>>
>>It is my belief that it is the intent of the working group that digest
>>authentication be part of HTTP/1.1.
>>
>>If you disagree, would you please let me know ASAP?
This was what it was originally proposed as.
The original idea was that DIGEST would be the preferred method
and that BASIC be *VERY* strongly depreciated. That is why so
much effort was made into making a scheme that was 100% plug
compatible with BASIC. If the idea was to produce the best
possible digest authentication scheme we would have made a very
different proposal.
About the only use for BASIC at present is in conjunction with
SSL where it might possibly be preferable to DIGEST but not by
much.
I like Dave Kristol's proposal that suport for BASIC in 1.1
implies support for DIGEST.
My understanding was that we were hoping to have DIGEST docked
and that only the adminstrivia issues would argue to not dock.
If the IESG are willing for docking to take place and any such
moves can be coordinated between the RFC edditor and the HTTP
editor then fair enough.
Phill