Wouter Verhelst <[EMAIL PROTECTED]> writes: > (for some infathomable reason, the firefox developers consider Negotiate > authentication to be unsafe with untrusted and/or non-SSL hosts. Dunno > why that is, and never saw a compelling argument...)
Well, having your browser spontaneously authenticate you to any system keyed in your local realm or in a realm with which you have cross-realm trust is something of a leak of personal information. I can see why they wouldn't want that to happen silently on request. I think the real solution would be to add a drop-down prompt similar to the prompts for pop-up menus and the like for sites that are attempting Negotiate-Auth, rather than just disabling it by default.... -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
