
Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

From: Chris Newman <Chris.Newman@Sun.COM>
Date: Fri, 08 Jun 2007 12:00:26 -0700
To: Julian Reschke <julian.reschke@gmx.de>, Paul Hoffman <phoffman@imc.org>
Cc: Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-id: <8A1C369985037B2AED5F566D@[10.1.110.5]>

Julian Reschke wrote on 6/7/07 18:01 +0200:
> maybe things become clearer if we consider re-organizing the security stuff?
>
> Currently,
>
> - RFC2616 refers (normatively?) to RFC2617 for authentication, and
>
> - RFC2617 defines a framework (Section 1.2) and two schemes (Basic and
> Digest).
>
> Assuming that there's no immediate need to change the framework defined in
> RFC2617, Section 1.2, wouldn't it make sense to:
>
> - Move the authentication framework itself into RFC2616bis, and
>
> - to then publish stand-alone documents upgrading/fixing both Basic and
> Digest?
>
> The benefits being:
>
> - RFC2616bis doesn't have the dependency on its sister spec anymore, which
> suffers from Basic and Digest problems, and
>
> - Basic, Digest and new schemes could evolve independently.

Sounds like an idea worth considering to me.  In past cases where Apps has 
bundled authentication mechanisms with general frameworks (e.g. RFC 1731, 
2595), the mechanisms have invariably been split away from the framework for 
one reason or another.

                - Chris
Received on Friday, 8 June 2007 19:00:42 GMT