On Apr 7, 2014, at 10:12 AM, Spencer Dawkins
<spencerdawkins(_dot_)ietf(_at_)gmail(_dot_)com> wrote:
We could find out something, without making Stewart run a state-of-the-art
secure environment on his IoT device to FTP Internet Drafts.
Well, e.g. allowing client certs for authentication without requiring them
would certainly be interesting. And we certainly should make sure that
authentication credentials are never accidentally sent in the clear—the web
server shouldn't even propose authentication other than over a secure link.
Not sure we can do that with FTP.