W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

WRAPPED (was Re: remove PATCH, COPY, MOVE, DELETE, etc.? Upgrade? )

From: Larry Masinter <masinter@parc.xerox.com>
Date: Sat, 24 Feb 1996 00:05:05 PST
To: khare@w3.org
Cc: fielding@avron.ICS.UCI.EDU, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <96Feb24.000515pst.2733@golden.parc.xerox.com>
> Because, not to offend anyone's intelligence, application-layer security !=  
> channel-layer, and I'd hope that HTTP security would be done *within* HTTP  
> rather than in some security protocol that looks like pseudo-HTTP. That way,  
> it will track the evolution of HTTP itself. For example, try sending a  
> chunked-transfer-encoding stream through SHTTP: it can't, it would have to be  
> buffered up, since SHTTP doesn't track new 1.1 encodings. Security outside  
> HTTP cannot react as directly to new authentication schemes, interoperation  
> with noninvolved proxies, etc.

The WTS group is scheduled to discuss the SHTTP proposal at the march
meeting, prior to sending it on to IESG for "last call".  As far as I
have seen, there has been no discussion of this point of view on the
WTS mailing list.

Since this is the entire agenda for WTS, that is, there is a separate
working group constituted by the IESG to deal with web security
issues, it makes no sense for us to continue to discuss these issues
here, especially when they have not been discussed THERE.

Theoretical arguments about protocol extensibility hold no weight
against long-standing implementation experience.

I propose that we not take up "WRAPPED" again until *after* the
discussion at the WTS working group on WRAPPED vs. SHTTP.

Fortunately, HTTP meets on Tuesday and Thursday, and WTS meets on
Wednesday, so it is possible to revisit WRAPPED in HTTP on Thursday if
there's something to report from the WTS discussion.
Received on Saturday, 24 February 1996 00:14:43 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:46 EDT