Nicolas.Williams at sun.com
Tue Mar 7 15:03:37 PST 2006
On Tue, Mar 07, 2006 at 05:55:40PM -0500, Jeffrey Altman wrote:
> Leif Johansson wrote:
> >>> Please supply more (better!) reasons for one vs. the other :)
> > Then (pragmatically) I'd say TLS will be more difficult to deploy given
> > the fact that most TLS implementations aren't quick to extend the set of
> > mechanisms they support.
> > Also I (dare) re-iterate that there will probably be dependency-loops
> > for at least one GSSAPI implementation I am aware of :-) but that should
> > certainly not stop anyone.
> > I have heard Love and others speak favorably about the combination of
> > anonymous TLS or BTNS and something like Negotiate. That way you don't
> > depend on two infrastructures (PKI for host-certs and whatever you use
> > for GSSAPI).
Ah, I'd forgotten that choice (how could I! I was at the Vancouver
dinner BoF where we discussed it).
More information about the Ietf-http-auth