Re: Access Authorization

Ari Luotonen (luotonen@ptsun00.cern.ch)
Fri, 17 Sep 93 09:56:11 +0200


Larry Masinter:
> I pointed folks at the existing RFC 1416 for Telnet authorization
> negotiation. Why reinvent? Is RFC 1416 unworkable?

This RFC defines how to fit Kerberos and such authentication into
the telnet framework. This is unusable because telnet negotiation
is built on the fact that there is a session -- in HTTP we try to
avoid that. Besides, there is really very little anything new in my
proposal, most of it conforms with RFC1421, Privacy Enhanced Mail.
It is only dressed up in terms of HTTP. And because we can do it
without a session, then why fight agaist it so hard?

-- Ari --