W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sat, 25 Feb 2012 14:13:27 +0000
Message-ID: <4F48EC87.4040302@cs.tcd.ie>
To: Julian Reschke <julian.reschke@gmx.de>
CC: IETF-Discussion <ietf@ietf.org>, "Roy T. Fielding" <fielding@gbiv.com>, Paul Hoffman <paul.hoffman@vpnc.org>, Mark Nottingham <mnot@mnot.net>, Tim Bray <tbray@textuality.com>, The IESG <iesg@ietf.org>, ietf-http-wg@w3.org


On 02/25/2012 02:03 PM, Julian Reschke wrote:
> On 2012-02-25 14:46, Stephen Farrell wrote:
>> ...
>> Yeah that's a tricky one. While one might like to
>> see "one or more" in both places that might not be
>> practical.
>>
>> In the proposal above the goal is that httpbis pick one
>> or more but recognising the reality that we might not get
>> a new proposal that httpbis will accept and that folks
>> will really implement and deploy.
>>
>> So:
>> Goal = one or more
>> Reluctant recognition of reality = zero or more
>>
>> With this plan if httpbis in fact select zero new proposals
>> that would represent a failure for all concerned. The "zero
>> or more" term is absolutely not intended to provide a way to
>> just punt on the question.
>>
>> Such a failure at the point where httpbis was re-chartering
>> to work on a HTTP/2.0 selection with no better security than
>> we now have is probably better evaluated as a whole - I
>> guess the question for the IETF/IESG at that point would
>> be whether the Internet would be better with or without
>> such a beast, or better waiting a while until the security
>> thing did get fixed.
>>
>> I can imagine an argument might ensue about that;-)
>> ...
>
> If we just need a new authentication scheme, nothing stops people from
> working on that right now.

I don't agree with you there - the perceived low probability that
something will be deployed is a real disincentive here. We have had
people wanting to do work on this and have been told there's no point
because it won't get adopted.

 > I don't see how that should affect HTTP/2.0.

Well, a number of people have noticed that current schemes
are getting long in the tooth and fixing stuff like that when
you do a major rev of a protocol is quite a reasonable thing
to do.

> If the "right" way to do security needs changes in the HTTP/1.1
> authentication framework, then we should fix/augment/tune HTTP/1.1. It's
> not going to go away anytime soon.

Sure, I agree with that and think the plan above allows for it.

S

>
> Best regards, Julian
>
Received on Saturday, 25 February 2012 14:13:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT