RE: Drafting mux WG charter

From: by way of Henrik Frystyk Nielsen (joshco@microsoft.com)
Date: Tue, Feb 09 1999


Message-Id: <3.0.5.32.19990209185517.030aca80@localhost>
Date: Tue, 09 Feb 1999 18:55:17 -0500
To: ietf-http-ng@w3.org
From: Josh Cohen <joshco@microsoft.com> (by way of Henrik Frystyk Nielsen <frystyk@w3.org>)
Subject: RE: Drafting mux WG charter

I dont think that the authors of the charter truly intend
to "punt all security".

It seems to me that a reasonable MUX effort can get underway
and provide good security.

Obviously, the group needs to keep security considerations in mind
and will have some serious work ahead of them beyond just
the security issue.  I'd like to see the group get started
and discuss the issues going forward instead of objecting
to the charter now.




> -----Original Message-----
> From: Chris Newman [mailto:chris@INNOSOFT.COM]
> Sent: Tuesday, February 09, 1999 12:28 PM
> To: Mike Spreitzer
> Cc: ietf-http-ng@w3.org; discuss@apps.ietf.org
> Subject: Re: Drafting mux WG charter
> 
> 
> On Tue, 9 Feb 1999, Mike Spreitzer wrote:
> > At the HTTP-NG BOF at IETF-43 it was agreed to proceed 
> chartering a WG
> > to work on a muxing protocol.  This protocol addresses a 
> subset of the
> > problems outlined for APPLCORE.  As I've said before, I 
> think the right
> > approach for APPLCORE (and HTTP-NG as well) is to produce 
> very modular
> > specifications.  In particular, the two communities should 
> get together
> > on the problems addressed by the mux protocol.  I've been 
> working on a
> > charter for a mux WG, with discussion on the 
> ietf-http-ng@w3.org mailing
> > list (to join, see HTTP-NG home page at
> > http://www.w3.org/Protocols/HTTP-NG/).  I've just posted a 
> new mux WG
> > charter draft, at
> > 
> > <http://www.w3.org/Protocols/HTTP-NG/1999/02/mux-Charter-209.html>
> 
> I'm concerned about the idea of the IETF designing a protocol which
> completely punts on security issues.  If this is a protocol 
> with a port
> number, then it needs to explain how security is activated 
> for that port.
> If it's just a layer, then it needs to explain how it's 
> integrated into
> lower-level security services or explain the consequences of security
> attacks if a higher-level security service is used.  Security tends to
> pervade all layers of all stacks in a truly secure system, so 
> I'm dubious
> it can be punted as this charter proposes.
> 
> I'm also uncomfortable with the idea of replicating all the 
> flow-control
> machinery of TCP in a layer above it.  The consequences of 
> doing so should
> be documented and justified.
> 
> 		- Chris
>