- From: Robert Sayre <sayrer@gmail.com>
- Date: Thu, 8 Mar 2007 04:26:10 -0500
- To: "Mark Nottingham" <mnot@mnot.net>, "Lisa Dusseault" <lisa@osafoundation.org>
- Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
>
> HyperText Transfer Protocol Revision (http-bis) Charter
>
> Last Modified: 2007-01-14
>
...
> The working group will refine RFC2616 to:
> * Identify mandatory-to-implement security mechanisms
...
> The working group must not introduce a new version of HTTP.
It seems obvious that these two clauses are incompatible. We've
discussed this on the list before. I have a draft that states:
It is possible that HTTP will be revised in the future. HTTP 1.1 [RFC2616]
and Use and Interpretation of HTTP Version Numbers [RFC2145] define
conformance requirements in relation to version numbers. In HTTP 1.1,
all authentication mechanisms are OPTIONAL, and no single transport
substrate is specified. Any HTTP revision that adds a mandatory security
mechanism or transport substrate MUST increment the HTTP version
number appropriately.
Does that paragraph contain incorrect information? If not, the charter
is inappropriate, because it disregards the IETF consensus recorded in
several documents.
Thoughts?
--
Robert Sayre
"I would have written a shorter letter, but I did not have the time."
Received on Thursday, 8 March 2007 09:33:46 UTC