
Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

From: Keith Moore <moore@cs.utk.edu>
Date: Thu, 07 Jun 2007 12:10:46 -0400
Message-ID: <46682E06.7030603@cs.utk.edu>
To: Julian Reschke <julian.reschke@gmx.de>
CC: Paul Hoffman <phoffman@imc.org>, Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

no.  deprecate 2617.  deprecate the framework that is in 2616.  HTTP
security needs a clean slate approach.
> maybe things become clearer if we consider re-organizing the security
> stuff?
>
> Currently,
>
> - RFC2616 refers (normatively?) to RFC2617 for authentication, and
>
> - RFC2617 defines a framework (Section 1.2) and two schemes (Basic and
> Digest).
>
> Assuming that there's no immediate need to change the framework
> defined in RFC2617, Section 1.2, wouldn't it make sense to:
>
> - Move the authentication framework itself into RFC2616bis, and
>
> - to then publish stand-alone documents upgrading/fixing both Basic
> and Digest?
>
> The benefits being:
>
> - RFC2616bis doesn't have the dependency on its sister spec anymore,
> which suffers from Basic and Digest problems, and
>
> - Basic, Digest and new schemes could evolve independently.
>
> Best regards, Julian
>
>
>
Received on Thursday, 7 June 2007 16:12:47 GMT
