Re: Protocol Authentication (was Re: Collection convergence?)

[Robert Sayre <mint@xxxxxxxxxxxxxxx>]

Robert Sayre wrote:

> > Therefore, absent any spec, I'd probably 
> > require TLS and HTTP Basic (and possibly allow Digest if trivial to 
> > do) for AOL Journals.  Would this be interoperable with all clients?
>
>
> Nope, that's the problem. In particular, CGI programs such as Movable 
> Type, Blosxom, and Ruby on Rails can't use it.

Oh, you said clients. The answer is no. For instance, Java MIDP 1.0 
phones (cheaper/older) can no longer talk to Blogger because they don't 
support TLS. MIDP 2.0 phones can.

Another issue I just thought of is that it's possible to secure the 
transport in lots of ways (e.g. HTTP over SSH), so why are we dictating 
anything? In fact, Mark and I collaborate on the format draft using HTTP 
over SSH.

What a mess, huh? Maybe we should explain why we can't help.

Robert Sayre