> I certainly don't agree that client side management is worse than
> cookies.
We've avoided anecdotal arguments so far, so I can just leave this
one hanging out there without a response.
> I'm not sure what you mean by "end-user knowledge" in this context.
I meant that WWW servers often have language saying things like "click
remember me to avoid logging in each time (uses cookies)." You never see
a web browser say "and by the way, we'll send this name/password over
the internet every time you fetch anything from this server." In other
words, servers and users know about cookies -- they've been in the news,
and are in the public consciousness. You can't say the same thing
about http basic-auth.
Browsers have had cookie-management tools longer than they've had
password-management tools.
> It may well be that digest authentication is uninteroperable on the
> web as it exists today. However, that hasn't been shown to be the
> case yet.
Did you miss the posting where I said IE5 just gives up? Given the
market penetration of IE5 on the web, I think that's sufficient proof
that interoperable digest isn't available now. Of all the web sites
you use, do you know of one that does it?
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html