W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2007

RE: Straw-man charter for http-bis

From: Paul Leach <paulle@windows.microsoft.com>
Date: Thu, 7 Jun 2007 11:03:59 -0700
Message-ID: <76323E9F0A911944A4E9225FACFC55BA04C3D4BC@WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com>
To: Justin Erenkrantz <justin@erenkrantz.com>, Paul Hoffman <phoffman@imc.org>
CC: Keith Moore <moore@cs.utk.edu>, Apps Discuss <discuss@apps.ietf.org>, <ietf-http-wg@w3.org>

For a long time, the IESG has required that all new protocols have a
"security considerations" section. I have not heard that that has
changed to a more stringent mandate. For many protocols, including HTTP,
that section would have to show that they are securable. However, in
addition, IMO it is obvious that for HTTP, that section also says that
anonymous clients and unauthenticated servers are OK in many
circumstances, and here are the mechanisms that can be used when it
isn't OK.

-----Original Message-----
From: Justin Erenkrantz
Sent: Thursday, June 07, 2007 1:57 PM

<snip>

Furthermore, my understanding is that IESG now requires all new
protocols to always be secure.  
Received on Thursday, 7 June 2007 18:04:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:10 GMT