Robert Sayre wrote: > On 9/19/06, Harald Alvestrand <[EMAIL PROTECTED]> wrote: >> Robert Sayre wrote: >> > >> > I don't disagree. The IETF might first try to design an authentication >> > feature worth requiring. None of the current options are at all >> > satisfactory. >> >> In fact TLS + HTTP Basic Auth is pretty interoperable, secure against >> quite a few attacks, and widely deployed. > > Ah, this is the "wink, wink" approach to mandatory authentication. > Specify something no one uses. Here is my bank's web site: > <http://www.chase.com/>. It looks like a phishing attack.
If you try https://www.chase.com it redirects you to http://www.chase.com. How lame.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf