HTTPS Everywhere brings HTTPS almost everywhere
Posted Jul 4, 2010 6:05 UTC (Sun) by TRS-80
In reply to: HTTPS Everywhere brings HTTPS almost everywhere
Parent article: HTTPS Everywhere brings HTTPS almost everywhere
There is SASL/SRP too, but it's never been standardised in an RFC and isn't widely supported.
As for why SRP/TLS instead of TLS+SASL, the latter still requires a CA or self-signed certificates. HTTP auth isn't used much in the real world, and TLS/SRP isn't useful everywhere, since it requires a shared secret before establishing TLS. But when you have that, it's better than TLS+HTTP auth becuase again you don't require a CA, which is what cortana was asking about.
to post comments)