W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2007

Re: Straw-man charter for http-bis

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 30 May 2007 17:44:52 +0200
Message-ID: <465D9BF4.40707@gmx.de>
To: Paul Hoffman <phoffman@imc.org>
CC: Mark Nottingham <mnot@mnot.net>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, Apps Discuss <discuss@apps.ietf.org>

Paul Hoffman wrote:
> The proposed charter has:
>   * Document the security properties of HTTP and its associated
>     mechanisms (e.g., Basic and Digest authentication, cookies, TLS)
>     for common applications
> So, would obviously-needed changes to the associated mechanisms be in 
> scope for the WG, or not?

I would have hoped that we can concentrate on revising RFC2616, and do 
just that. However, we got signals from IESG members that a revision of 
RFC2616 would not be accepted unless it improves the security story. 
IMHO a very bad idea.

Fixing it needs, but that needs to be done somewhere else.

>> Are there any specific extensions you have in mind?
> Definitely not. I was asking whether or not we want to clamp down on 
> charter creep now or later.

:-) I'd prefer the charter to be as small & precise as possible.

Best regards, Julian
Received on Wednesday, 30 May 2007 15:45:05 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:42 UTC