Re: Authentication

[John Panzer]

John Panzer wrote on 6/8/2006, 11:10 AM: Eric Scheid wrote: On 8/6/06 11:12 PM, "James Holderness" <[EMAIL PROTECTED]> wrote: [...] wiki [...] wiki ... I host a wiki, it's publicly available on the internet, I don't require accounts or passwords or any of that palaver in order to post. Why MUST those open slather anonymous edits be protected with some kind of authentication? e. I can't find the original text people are objecting to on this thread, but would it make sense to simply say that servers _which wish to provide authentication_ (SHOULD/MUST/MAY/whatever) X?  And that clients should be prepared for servers which don't do authentication? I found the text, by the way, and it said this: Servers utilizing authentication mechanisms that involve the clear-text transmission of a password (e.g. HTTP Basic Authentication) MUST secure the connection using, for example, a Transport Layer Security (TLS) connection. So it was already excluding Eric's server.  It now says this: Servers utilizing authentication mechanisms that involve the clear-text transmission of a password (e.g. HTTP Basic Authentication) are encouraged to secure the connection using, for example, a Transport Layer Security (TLS) connection. Which still excludes Eric's server, and also hopefully reminds clients to check that they work with TLS if they plan to do authentication at all.  If they only connect to Eric's server, they can ignore this paragraph of course. -- John Panzer System Architect http://abstractioneer.org