Re: Straw-man charter from Mark Nottingham on 2007-03-06 (ietf-http-wg@w3.org from January to March 2007)

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 6 Mar 2007 09:53:20 -0800
To: <LMM@acm.org>
Cc: <ietf-http-wg@w3.org>
Message-Id: <75F0EBF4-05E7-452C-BD8A-92CAA16CBF7D@mnot.net>

Hi Larry,

Thanks, that's very helpful. A few responses/comments below;

On 06/03/2007, at 6:34 AM, Larry Masinter wrote:
>>
>>    * Incorporate errata
>
> Add 'and updates' -- it's my impression that several other RFCs
> update HTTP or attempt to clarify it, and these updates should
> be incorporated. (WebDAV?)

Generally I agree, except perhaps in the WebDAV case, as Julian says.

>>    * Clarify conformance requirements and targets
>
> I don't know what 'and targets' means. How about just
> 'Clarify conformance requirements'?

The target is the subject of the requirement; e.g., A Proxy MUST...

That said, "clarify conformance requirements" would do the same job.

>>    * Identify mandatory-to-implement security mechanisms
>
> I think, alas, it is necessary to update RFC2617, since the
> two documents go together. And I think the goal should be
> to address security in the context of HTTP's most common
> application, namely 'web browsing'.  I'm not quite sure
> how to rewrite this bullet. Best I can do for now is:
>
>      * Identify security mechanisms appropriate
>        (and mandatory to implement) for common applications
>        of HTTP, including web browsing.

That sounds possible. I'm not sure whether that requires a revision  
of 2617 or not; TLS+Basic may be satisfactory.

> If you really want to allow new features or capabilities,
> then take the whole feature out of base HTTP, and
> put it in a separate Proposed Standard document
> (using the now clarified extensibility mechanism).

I originally omitted the except clause, but I got some pushback  
because some people might interpret that as not allowing *anything*  
new on the wire, where we might find something is needed to fix  
something (e.g., pipelining). Since we're talking about folding in  
updates to HTTP, as long as it's backwards-compatible, it would seem  
to make sense to include such an update in the document, rather than  
folding in old updates, but putting new updates in new documents.

All that said, the intent here was to disallow people trying to do  
genuinely new features/capabilities that aren't interop-related to  
the protocol.

--
Mark Nottingham     http://www.mnot.net/

Received on Tuesday, 6 March 2007 17:53:19 UTC