This RFC defines how to fit Kerberos and such authentication into
the telnet framework. This is unusable because telnet negotiation
is built on the fact that there is a session -- in HTTP we try to
avoid that. Besides, there is really very little anything new in my
proposal, most of it conforms with RFC1421, Privacy Enhanced Mail.
It is only dressed up in terms of HTTP. And because we can do it
without a session, then why fight agaist it so hard?
-- Ari --