On Apr 7, 2014, at 10:12 AM, Spencer Dawkins <spencerdawkins.ietf@xxxxxxxxx> wrote: > We could find out something, without making Stewart run a state-of-the-art secure environment on his IoT device to FTP Internet Drafts. Well, e.g. allowing client certs for authentication without requiring them would certainly be interesting. And we certainly should make sure that authentication credentials are never accidentally sent in the clear—the web server shouldn't even propose authentication other than over a secure link. Not sure we can do that with FTP.