On Jun 8, 2009, at 11:58 PM, Thomson, Martin wrote:
[1] The document is clear on its use of digest/basic: the LIS MUST
NOT rely on it being used. That’s in recognition of the above
constraint. In other words, the LIS MUST NOT fail a request because
the device did not provide authentication. That doesn’t prevent it
from being used in an extension to the protocol.
That may have been the intent, but the wording is of the form "MUST
NOT relay on [cookies] or _use_ Basic or Digest
authentication." (emphasis mine). So if you edit out the cookies
phrase, it says you MUST NOT use basic or digest authentication.
Mary proposed in a separate email to relax that to a SHOULD NOT-but if
I recall that was still SHOULD NOT rely on cookies or _use_ digest.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf