Re: Drafting mux WG charter

From: Jim Gettys (jg@pa.dec.com)
Date: Wed, Feb 10 1999


Message-Id: <3.0.5.32.19990210111302.0369b210@localhost>
Date: Wed, 10 Feb 1999 11:13:02 -0500
To: ietf-http-ng@w3.org
From: jg@pa.dec.com (Jim Gettys) (by way of Henrik Frystyk Nielsen <frystyk@w3.org>)
Subject: Re: Drafting mux WG charter


I had a conversation with some of the serious security guru's (Steve Bellovin 
in particular) in Orlando about mux, and where security would go in it.  

The conclusion we had come to in our design work was that it belonged 
either above, or below the mux layer, depending on the application, but 
that a mux itself did not need to address this (other than security 
considerations of its use, of course; for example, fate sharing as denial 
of service attack, etc.)).

Steve gave it a few minutes thought, and agreed with our beliefs.

I don't think it should end there, I'd like a bit more thought out of people
like Steve before we say "it is mostly not our problem; don't shoot yourself
in the foot with it by doing the following N dumb things", but I suspect
it isn't a huge problem.

I think the charter should, however, be clear that we need to get careful
review of the security considerations section by systems security experts.
				- Jim