W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: security requirements

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 20 Oct 2006 12:11:24 +0200
Message-ID: <4538A0CC.8010101@gmx.de>
To: HTTP Working Group <ietf-http-wg@w3.org>
CC: Paul Leach <paulle@windows.microsoft.com>

Right Stefan.

To expand even further on that: requiring a MTI security mechanism for a 
theoretical HTTP/1.2 spec may be a good thing. Requiring it for a 
potential revision of HTTP/1.1 IMHO doesn't work, because today there is 
no common approach one could document; that is, a revision would break 
conforming implementations.

But Robert's complaint was triggered by the IESG asking for that kind of 
security mechanism for specs that just happen to *use* HTTP, such as 
AtomPub, CalDAV or XCAP. Those are applications of HTTP, not new protocols.

Best regards, Julian
Received on Friday, 20 October 2006 10:11:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:53 GMT