-----Original Message-----
From: Josh Cohen [mailto:joshco@microsoft.com]
Sent: Friday, March 19, 1999 11:31 AM
To: Paul Moore; 'Manros, Carl-Uno B'
Cc: 'IETF-IPP'
Subject: IPP> RE: MOD - Proposed new functionality for clients to invoke
HTTP s ecur ity
> Paul said:
>
> If a server supports anon and basic, even if I have a userid
> and password my jobs get submitted as anonymous
>
This is a good point, I doubt this scenario has been discussed
before.
Is a viable option to:
if you have credentials, why not just send them along
the first time ?
My first thought was that this might result in sending the
creds to unauthorized sites, which is a security issue.
However, it really isnt, you'd send those creds anyway if
the server challenged you (provoked or unprovoked).
Either way, you'd need to know which servers are allowed
to receive which credentials if you want to avoid this.
And of course, hopefully your using digest, so that the
credentials are useless anyway.