W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 21 Feb 2012 19:33:08 +0100
Message-ID: <4F43E364.4040706@gmx.de>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: iesg@ietf.org, IETF-Discussion <ietf@ietf.org>, mnot@mnot.net, ietf-http-wg@w3.org
On 2012-02-21 19:26, Stephen Farrell wrote:
>
> Down below, for the proposed HTTP/2.0 work it says:
>
>  > * Reflecting modern security requirements and practices
>
> In some earlier discussion I asked what "modern" means
> there. It seems to mean at least working well with TLS,
> but I'm not sure what else is meant, if anything.
>
> In particular, I think it'd be good to try get better
> (more usable, more secure etc.) HTTP authentication
> defined as a built-in part of HTTP/2.0.
>
> My initial take is that if we're not going to do this
> for a major revision of the protocol, then when are we
> going to do it? So I'd like to see that included.
>
> The counter argument offered was that better HTTP
> authentication is complex and probably hard to get right
> and so would be better handled separately.

I believe this should be orthogonal to HTTP/2.0. Is there a specific 
thing that makes it impossible to use the existing authentication framework?

> ...

Best regards, Julian
Received on Tuesday, 21 February 2012 18:33:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT