- From: Robert Sayre <sayrer@gmail.com>
- Date: Thu, 31 May 2007 01:28:39 -0400
- To: "Mark Nottingham" <mnot@mnot.net>
- Cc: "Larry Masinter" <LMM@acm.org>, "Eliot Lear" <lear@cisco.com>, "Julian Reschke" <julian.reschke@gmx.de>, "Paul Hoffman" <phoffman@imc.org>, "Apps Discuss" <discuss@apps.ietf.org>, ietf-http-wg@w3.org
On 5/31/07, Mark Nottingham <mnot@mnot.net> wrote: > > Robert's draft is orthogonal to a 2617 update; the idea of that is to > address the need for MTI security. My draft is orthogonal to things that are unimplementable, because it seeks to document what has actually happened, and why it did. It may be possible to design an MTI scheme for HTTP. So far, the text in my draft leads me to believe that HTTP authentication is wedged between graphic design, scalability, and security in such a way that implementors of a given protocol will never be able to agree on shared trade-offs. But I have only written what I know. I'm sure the document can be augmented and corrected. > It would be interesting to compile issues for 2617 as well, to see > what the scope of work would be. If we can keep the scope to errata > and clarifications (i.e., not introducing new schemes), it might be > doable. My feeling is that the current schemes can be updated by documenting the internationalization behavior of popular implementations, but nothing else is worth doing. -- Robert Sayre "I would have written a shorter letter, but I did not have the time."
Received on Thursday, 31 May 2007 05:35:37 UTC