On 24/02/2012, at 12:24 PM, Roy T. Fielding wrote: > On Feb 23, 2012, at 5:18 PM, Tim Bray wrote: >> On Thu, Feb 23, 2012 at 5:13 PM, Roy T. Fielding <fielding@xxxxxxxx> wrote: >> >>> How many times do we have to do this before we declare insanity? >>> I don't care how much risk it adds to the HTTP charter. They are >>> all just meaningless deadlines anyway. If we want HTTP to have >>> something other than Basic (1993) and Digest (1995) authentication, >>> then it had better be part of *this* charter so that the proposals >>> can address them. >> >> Well, Digest already isn't used by anyone :) > > A popular misconception because it works unseen. See tools.ietf.org > >> Seriously, someone needs to propose some charter language or this >> discussion is a no-op. -Tim > > "Proposals for new HTTP authentication schemes are in scope." No one has said they're out of scope; this discussion has been about whether -- at this point in time, before we have proposals -- we require the outcome to jump through some particular hoop regarding security. Cheers, -- Mark Nottingham http://www.mnot.net/ _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf