- From: David Morris <dwm@xpasc.com>
- Date: Tue, 17 Oct 2006 18:50:58 -0700 (PDT)
- To: Robert Sayre <sayrer@gmail.com>
- cc: Bjoern Hoehrmann <derhoermi@gmx.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Tue, 17 Oct 2006, Robert Sayre wrote: > > On 10/17/06, Bjoern Hoehrmann <derhoermi@gmx.net> wrote: > > * Robert Sayre wrote: > > >On 10/17/06, Lisa Dusseault <lisa@osafoundation.org> wrote: > > >> > > >> Since there are so many ways to approach this, so many variations in > > >> what specs are revised and how they depend upon each other, I can't > > >> say whether I, or the IESG, expect a revision to RFC2616 to "step > > >> into" the area covered by RFC2617. > > > > > >Perhaps we should poll the HTTP community as a start. Does anyone > > >think mandatory-to-implement security mechanisms will be helpful and > > >realistic? > > > > Of course! Are you proposing to remove all the existing mandatory-to- > > implement security mechanisms in RFC 2616 and RFC 2617? > > Björn, > > This is not a very helpful answer. Let me be more specific. > > Does anyone think mandatory-to-implement authentication schemes or > transport-layer security mechanisms will be helpful and realistic? Yes ... w/o mandatory requirements there will be less availablity of support for security features. Mandatory requirements mean a software publisher can't claim compliance w/o implementing the feature. It is easier to report defects in a claimed feature than it is to get a 'new' feature implemented.
Received on Wednesday, 18 October 2006 02:19:38 UTC