- From: Lisa Dusseault <lisa@osafoundation.org>
- Date: Tue, 17 Oct 2006 13:46:02 -0700
- To: Robert Sayre <sayrer@gmail.com>
- Cc: lists@ingostruck.de, "Larry Masinter" <masinter@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>

I would expect that any new Proposed Standard RFC would have to take into account the heightened expectations around mandatory-to-implement security technologies. Updates to previous RFCs would not necessarily be immune to that.

I believe it's very important to clarify what HTTP clients and servers do need to support to provide adequate security for modern applications -- HTTP is hardly immune to attacks, and authentication technology is one of the failing pieces here which allows those attacks. See for example the discussion at the Web Authentication Enhancements BoF at the last IETF <http://www3.ietf.org/proceedings/06jul/index.html>.

Lisa

On Oct 16, 2006, at 4:37 PM, Robert Sayre wrote:

> On 10/16/06, Lisa Dusseault <lisa@osafoundation.org> wrote:
>> I strongly support efforts to update these specs so
>> let me know how I can help as AD or if there are any questions I can
>> answer.
>
> Hi Lisa,
>
> How do efforts to update these specs relate to the normative folklore
> regarding mandatory to implement security technologies?
>
> --
>
> Robert Sayre

Received on Tuesday, 17 October 2006 20:47:19 UTC