W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

From: Robert Sayre <sayrer@gmail.com>
Date: Tue, 17 Oct 2006 20:38:15 -0400
Message-ID: <68fba5c50610171738k1d150ad9pa80af3f07e73f0a2@mail.gmail.com>
To: "Bjoern Hoehrmann" <derhoermi@gmx.net>
Cc: "HTTP Working Group" <ietf-http-wg@w3.org>

On 10/17/06, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
> * Robert Sayre wrote:
> >On 10/17/06, Lisa Dusseault <lisa@osafoundation.org> wrote:
> >>
> >> Since there are so many ways to approach this, so many variations in
> >> what specs are revised and how they depend upon each other, I can't
> >> say whether I, or the IESG, expect a revision to RFC2616 to "step
> >> into" the area covered by RFC2617.
> >
> >Perhaps we should poll the HTTP community as a start. Does anyone
> >think mandatory-to-implement security mechanisms will be helpful and
> >realistic?
> Of course! Are you proposing to remove all the existing mandatory-to-
> implement security mechanisms in RFC 2616 and RFC 2617?


This is not a very helpful answer. Let me be more specific.

Does anyone think mandatory-to-implement authentication schemes or
transport-layer security mechanisms will be helpful and realistic?


Robert Sayre

"I would have written a shorter letter, but I did not have the time."
Received on Wednesday, 18 October 2006 00:38:21 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:40 UTC