Robert Sayre wrote:
On 9/19/06, Harald Alvestrand <harald(_at_)alvestrand(_dot_)no> wrote:
Robert Sayre wrote:
I don't disagree. The IETF might first try to design an authentication
feature worth requiring. None of the current options are at all
satisfactory.
In fact TLS + HTTP Basic Auth is pretty interoperable, secure against
quite a few attacks, and widely deployed.
Ah, this is the "wink, wink" approach to mandatory authentication.
Specify something no one uses. Here is my bank's web site:
<http://www.chase.com/>. It looks like a phishing attack.
If you try https://www.chase.com it redirects you to
http://www.chase.com. How lame.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf