
Re: [Ietf-http-auth] Updating RFC 2617 (HTTP Digest) to use UTF-8

From: Lisa Dusseault <lisa@osafoundation.org>
Date: Tue, 17 Oct 2006 13:46:02 -0700
Message-Id: <FD096925-E9E7-403A-8D67-5503A8F3AFED@osafoundation.org>
Cc: lists@ingostruck.de, "Larry Masinter" <masinter@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
To: Robert Sayre <sayrer@gmail.com>

I would expect that any new Proposed Standard RFC would have to take
into account the heightened expectations around
mandatory-to-implement security technologies.  Updates to previous
RFCs would not necessarily be immune to that.  I believe it's very
important to clarify what HTTP clients and servers do need to support
to provide adequate security for modern applications -- HTTP is hardly
immune to attacks, and authentication technology is one of the failing
pieces here which allows those attacks.  See for example the
discussion at the Web Authentication Enhancements BoF at the last IETF
<http://www3.ietf.org/proceedings/06jul/index.html>.

Lisa

On Oct 16, 2006, at 4:37 PM, Robert Sayre wrote:

> On 10/16/06, Lisa Dusseault <lisa@osafoundation.org> wrote:
>>  I strongly support efforts to update these specs so
>> let me know how I can help as AD or if there are any questions I can
>> answer.
>
> Hi Lisa,
>
> How do efforts to update these specs relate to the normative folklore
> regarding mandatory to implement security technologies?
>
> -- 
>
> Robert Sayre
Received on Tuesday, 17 October 2006 20:47:19 GMT
