
Re: [Ietf-http-auth] Updating RFC 2617 (HTTP Digest) to use UTF-8

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 17 Oct 2006 23:02:53 +0200
Message-ID: <453544FD.8040500@gmx.de>
To: Lisa Dusseault <lisa@osafoundation.org>
CC: Robert Sayre <sayrer@gmail.com>, lists@ingostruck.de, Larry Masinter <masinter@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>

Lisa Dusseault wrote:
> 
> I would expect that any new Proposed Standard RFC would have to take 
> into account the heightened expectations around mandatory-to-implement 
> security technologies.  Updates to previous RFCs would not necessarily 
> be immune to that.  I believe it's very important to clarify what HTTP 
> clients and servers do need to support to provide adequate security for 
> modern applications -- HTTP is hardly immune to attacks, and 
> authentication technology is one of the failing pieces here which allows 
> those attacks.  See for example the discussion at the Web Authentication 
> Enhancements BoF at the last IETF 
> <http://www3.ietf.org/proceedings/06jul/index.html>.

Well, if the IESG expects a revision to RFC2616 to step into the area 
covered by RFC2617, then I must agree with Robert that it's probably not 
worth trying, and that less harm is done by sticking to whatever RFC2616 
is saying today.

Best regards, Julian
Received on Tuesday, 17 October 2006 21:03:01 GMT
