On 2011-06-09 16:31, Yutaka OIWA wrote:
... password stealing, session hijack, and phishing. Currently, the HTTP core protocol only provides basic plaintext password authentication and MD5-based hashed password authentication, both of which are ...
That's kind of misleading; the core HTTP protocol doesn't define any concrete authentication schemes at all; it just offers a framework (header fields, status codes etc).
> ...
Both BoF and possible future working group expect well coordination with W3C's effort on the related topics. It shall also be in coordination with related IETF working groups, including websec, abfab and oauth. ...
I believe you need to add HTTPbis. Best regards, Julian _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
