On 2/23/06, John Panzer <[EMAIL PROTECTED]> wrote: > Actually, I don't think this is true. Both Blogger and AOL (us) have > apparently arrived at the same conclusion independently: From a server > perspective, HTTP Basic over TLS is minimally acceptable security for doing > authoring operations on web logs and isn't a burden for clients. Non-TLS > using Basic or Digest is a nonstarter and will be rejected. (I'm speaking > for what AOL is going to do here, not for Blogger, but I _think_ that's what > Blogger is doing too from observation.) > > So, given this situation, I think it's minimally worth mentioning in the > spec that clients SHOULD support HTTP Basic over TLS.
I agree with that statement. I think where we got our wires crossed is that I was talking about server support above. -joe -- Joe Gregorio http://bitworking.org
