Re: HTTP as OCP transport, ICAP/2.02003-04-23 07:55:00[ again, not speaking as a co-chair... ] I thought BEEP's security was the same as HTTP's: use TLS. no. you can negotiate the use of tls with beep. (in contrast, with most http implementations, it's not a negotiation, it's "just there" or not, depending on the port you open.) in addition, tls uses sasl which can complement, or replace tls' functionality. for example, want to authenticate/privatize using kerberos? no problem, negotiate the use of the kerberos mechanism in sasl. /mtr
|
|