Robert Sayre wrote: > On 9/19/06, Harald Alvestrand <harald@xxxxxxxxxxxxx> wrote: >> Robert Sayre wrote: >> > >> > I don't disagree. The IETF might first try to design an authentication >> > feature worth requiring. None of the current options are at all >> > satisfactory. >> >> In fact TLS + HTTP Basic Auth is pretty interoperable, secure against >> quite a few attacks, and widely deployed. > > Ah, this is the "wink, wink" approach to mandatory authentication. > Specify something no one uses. Here is my bank's web site: > <http://www.chase.com/>. It looks like a phishing attack. If you try https://www.chase.com it redirects you to http://www.chase.com. How lame.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf