Paul Hoffman wrote:
At 10:13 AM -0700 6/7/06, John Panzer wrote:
I see several +1's to the 'https+basic recommended but not required'
idea, and no -1's. Paul, how do you conclude that there's no
consensus here?
From a protocol standpoint, "recommended but not required" equates to
"MAY". That is isomorphic with what I wrote.
I think that people were saying +1 to a mention of at least one
authentication scheme (https+basic) that would help with
interoperability of clients and servers which care about authentication.
I don't think that just saying "you MAY use some type of
authentication" is the same thing.
-John
