On 6/7/06, Paul Hoffman <[EMAIL PROTECTED]> wrote:
At 10:13 AM -0700 6/7/06, John Panzer wrote: >I see several +1's to the 'https+basic recommended but not required' >idea, and no -1's. Paul, how do you conclude that there's no >consensus here? From a protocol standpoint, "recommended but not required" equates to "MAY". That is isomorphic with what I wrote.
Your text recommended authentication in general. John is looking to recommend Basic+TLS support. I am more comfortable with your text, since Basic+TLS is very vulnerable to phishing. Other schemes have their own problems, of course. -- Robert Sayre
