On 6/7/06, James Holderness <[EMAIL PROTECTED]> wrote:
> Ok, so let's say I have an internal company wiki that's editable using APP.
> The wiki is hosted on our internal network and everyone accessing the wiki
> is on the internal network too. Everything behind a firewall. Hell, maybe we
> aren't even connected to the internet at all. The wiki uses basic auth for
> identification. Why is it that we MUST use a secure connection?
...bingo. This section shouldn't make normative statements at all.
Its job is as follows:
Authors MUST describe
1. which attacks are out of scope (and why!)
2. which attacks are in-scope
2.1 and the protocol is susceptible to
2.2 and the protocol protects against
<http://www.ietf.org/rfc/rfc3552.txt>
--
Robert Sayre