Julian Reschke wrote:
On 2011-06-09 16:31, Yutaka OIWA wrote:
...
password stealing, session hijack, and phishing. Currently, the HTTP
core protocol only provides basic plaintext password authentication
and MD5-based hashed password authentication, both of which are
...
That's kind of misleading; the core HTTP protocol doesn't define any
concrete authentication schemes at all; it just offers a framework
(header fields, status codes etc).
> ...
Both BoF and possible future working group expect well coordination
with W3C's effort on the related topics. It shall also be in
coordination with related IETF working groups, including websec, abfab
and oauth.
...
I believe you need to add HTTPbis.
+1.
I would also add Kitten.
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
