W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2007

RE: Straw-man charter

From: Larry Masinter <LMM@acm.org>
Date: Thu, 8 Mar 2007 11:15:39 -0800
To: "'Mark Nottingham'" <mnot@mnot.net>, "'Julian Reschke'" <julian.reschke@gmx.de>
Cc: "'Robert Sayre'" <sayrer@gmail.com>, "'Lisa Dusseault'" <lisa@osafoundation.org>, <ietf-http-wg@w3.org>
Message-ID: <001a01c761b6$28c5c3e0$55f0070a@adobenet.global.adobe.com> 

>    * Identify mandatory-to-implement security mechanisms

There is no deadlock, or really a contradiction
"Identify mechanisms" doesn't mean that there will be
a single mechanism, and "mandatory-to-implement" doesn't
mean "mandatory in all situations".

BCP 56/RFC 3205 ("On the use of HTTP as a Substrate")
section 2.3 ("Security") seems to me like a good start
on what the security requirements for HTTP should be,
and perhaps the charter item for the working group
should be to review that section and either reference
it or update it as necessary.

Larry
Received on Thursday, 8 March 2007 19:16:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:38:25 GMT