I don't think that I said anything about not paying attention to security.
I will remind you that I was the only one with working SSL3
implementations on client and server at the recent bake-off. I am very
concerned about it.
I was commenting that carl-uno's flowchart did not analyse the pros and cons
of the various security choices; it merely said (and I paraphrase somewhat)
"We better do this because we won't get an RFC if we don't". I.e. "even if it
sucks we'll do it anyway". BTW I'm not suggesting that anything does suck
either, merely that being asked to turn my brain off to all logic other than
getting an RFC seemed too much.
-----Original Message-----
From: Larry Masinter [mailto:masinter at parc.xerox.com]
Sent: Friday, April 09, 1999 3:37 PM
To: Paul Moore
Cc: IETF-IPP; 'Manros, Carl-Uno B'; Michael Sweet
Subject: RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication
> So no matter whether we think it makes sense or not the overriding thing is
> to get an IETF standard
Paul,
The idea that it doesn't "make sense" to pay attention
to security considerations in implementing Internet
services is what led to the Melissa virus.
Regards,
Larry