W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2007

Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

From: Keith Moore <moore@cs.utk.edu>
Date: Thu, 14 Jun 2007 07:13:18 -0400
Message-ID: <467122CE.2090501@cs.utk.edu>
To: "tom.petch" <cfinss@dial.pipex.com>
CC: Adrien de Croy <adrien@qbik.com>, Apps Discuss <discuss@apps.ietf.org>, ietf-http-wg@w3.org


>>
>> Seems to me that the issue of securing communications and authenticating
>> or identifying parties are closely aligned, why not just have some form
>> of auth built into TLS, then we could use it for any protocol that can
>> use TLS, instead of having to implement separate auth schemes for every
>> higher protocol.
>>
>>     
> TLS can do that but it does not gel with the way in which (many) organisations
> are structured.  Those responsible for security, for security credentials and
> their maintenance, do not want to be ferreting around in the depths of a network
> stack, they prefer working at application and database level, a point that has
> already been alluded to in this thread.

how exactly does sending TLS credentials involve ferreting around in the
depths of a network stack?
Received on Thursday, 14 June 2007 11:14:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:10 GMT