- From: Tim Bray <tbray@textuality.com>
- Date: Tue, 21 Feb 2012 14:46:14 -0800
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Julian Reschke <julian.reschke@gmx.de>, ietf-http-wg@w3.org, IETF-Discussion <ietf@ietf.org>, iesg@ietf.org
[in-line] On Tue, Feb 21, 2012 at 2:40 PM, Mark Nottingham <mnot@mnot.net> wrote: >> And then should it include adding some new options >> or MTI auth schemes as part of HTTP/2.0 or even looking >> at that? (I think it ought to include trying for that >> personally, even if there is a higher-than-usual risk >> of failure.) > > > Based on past experience, I think the risk is very high, and we don't need to pile any more risk onto this particular project. +1 HTTP's ability to be equipped with security technology has been adequate, and I haven't heard much argument that its semantics were the big obstacle to newer/better security. Preserving its semantics means its successor should be equally adequate. Mnot is *understating* the risk of loading up the charter with this stuff. -T
Received on Tuesday, 21 February 2012 22:46:41 UTC