W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Tue, 21 Feb 2012 18:37:12 +0000
Message-ID: <4F43E458.6030705@cs.tcd.ie>
To: Julian Reschke <julian.reschke@gmx.de>
CC: mnot@mnot.net, iesg@ietf.org, ietf-http-wg@w3.org, IETF-Discussion <ietf@ietf.org>


On 02/21/2012 06:33 PM, Julian Reschke wrote:
> On 2012-02-21 19:26, Stephen Farrell wrote:
>>
>> Down below, for the proposed HTTP/2.0 work it says:
>>
>> > * Reflecting modern security requirements and practices
>>
>> In some earlier discussion I asked what "modern" means
>> there. It seems to mean at least working well with TLS,
>> but I'm not sure what else is meant, if anything.
>>
>> In particular, I think it'd be good to try get better
>> (more usable, more secure etc.) HTTP authentication
>> defined as a built-in part of HTTP/2.0.
>>
>> My initial take is that if we're not going to do this
>> for a major revision of the protocol, then when are we
>> going to do it? So I'd like to see that included.
>>
>> The counter argument offered was that better HTTP
>> authentication is complex and probably hard to get right
>> and so would be better handled separately.
>
> I believe this should be orthogonal to HTTP/2.0. Is there a specific
> thing that makes it impossible to use the existing authentication
> framework?

Who knows? We don't have a protocol on the table yet. I
would imagine that some level of backwards compatibility
would be a requirement of course, or at least an issue to
be considered.

But the existing HTTP client authentication is also not
necessarily very useful, and there have been a number of
efforts to improve on that, none of which seem to have
gotten sufficient traction to get widely deployed/used.
Maybe HTTP/2.0 is a good time to try fix that.

S.


>
>> ...
>
> Best regards, Julian
Received on Tuesday, 21 February 2012 18:37:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT