On 2012-02-23 23:33, Doug Barton wrote:
I don't *quite* go back 2 decades, but a big +1 to "all my experiences
with bolt-on security have been bad."
bolt-on != modular/optional
If you want to "require" security in whatever comes out of this
activity, you better define what security means, and also explain what
keeps you from doing it right now.
Again: is there anything in the HTTP/1.1 authentication *framework* that
prevents a "good" authentication scheme to be defined? I really like to
know.
Best regards, Julian
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf