From the draft:
At a minimum, client and server implementations MUST be capable of being configured to use HTTP Basic Authentication [RFC2617] in conjunction with a TLS connection as specified by [RFC2818]. See [RFC4346] for more information on TLS.
I've discovered a small but potentially critical mistake in the references here. RFC2818 is an informative reference, so the text must read "as specified by [RFC4346]".
- Rob _______________________________________________ Ietf mailing list [email protected] https://www1.ietf.org/mailman/listinfo/ietf
