W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: Security Properties, was: Rechartering HTTPbis

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 3 Feb 2012 11:58:59 +1100
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <0B467AA9-B006-4400-89F5-AE4207C23C74@mnot.net>
To: Julian Reschke <julian.reschke@gmx.de>

On 03/02/2012, at 12:34 AM, Julian Reschke wrote:

> On 2012-01-24 04:55, Mark Nottingham wrote:
>> ...
>>   Feb 2012    Working Group Last Call for HTTP Security Properties
>> ...
> 
> Out of curiosity: this document hasn't changes since March 2010. Do we plan to do any additional work on it?


That's a good question. Originally, this document was put into our charter to address the need for Mandatory-to-Implement security in HTTP; since we couldn't make it a hard requirement, it was thought that educating users / implementers / administrators was the next best thing.

In the meantime, it's been difficult to get forward momentum on the document (perhaps because it is so broad, and because for it to be useful, it needs to be detailed; however, if it's detailed, it will likely become stale quickly, IMO). 

We should discuss this as part of re-chartering; if HTTP/2.0 has MTI security, it could change things.

Regards,

--
Mark Nottingham   http://www.mnot.net/
Received on Friday, 3 February 2012 00:59:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:54 GMT