On Sun, Aug 31, 2008 at 01:16:32AM +0200, Bastian Blank wrote: > On Sat, Aug 30, 2008 at 06:48:57PM +0200, Wouter Verhelst wrote: > > (for some infathomable reason, the firefox developers consider Negotiate > > authentication to be unsafe with untrusted and/or non-SSL hosts. Dunno > > why that is, and never saw a compelling argument...)
> Negotiate auth does not provide confidentiality or integrity protection > different to the normal use of kerberos. Well, ok, but you're negotiating *authentication*. Why are confidentiality and integrity protection required for that? Firefox doesn't exactly have HTTP basic auth support disabled by default, either... -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
