- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Sat, 25 Feb 2012 14:13:27 +0000
- To: Julian Reschke <julian.reschke@gmx.de>
- CC: IETF-Discussion <ietf@ietf.org>, "Roy T. Fielding" <fielding@gbiv.com>, Paul Hoffman <paul.hoffman@vpnc.org>, Mark Nottingham <mnot@mnot.net>, Tim Bray <tbray@textuality.com>, The IESG <iesg@ietf.org>, ietf-http-wg@w3.org
On 02/25/2012 02:03 PM, Julian Reschke wrote: > On 2012-02-25 14:46, Stephen Farrell wrote: >> ... >> Yeah that's a tricky one. While one might like to >> see "one or more" in both places that might not be >> practical. >> >> In the proposal above the goal is that httpbis pick one >> or more but recognising the reality that we might not get >> a new proposal that httpbis will accept and that folks >> will really implement and deploy. >> >> So: >> Goal = one or more >> Reluctant recognition of reality = zero or more >> >> With this plan if httpbis in fact select zero new proposals >> that would represent a failure for all concerned. The "zero >> or more" term is absolutely not intended to provide a way to >> just punt on the question. >> >> Such a failure at the point where httpbis was re-chartering >> to work on a HTTP/2.0 selection with no better security than >> we now have is probably better evaluated as a whole - I >> guess the question for the IETF/IESG at that point would >> be whether the Internet would be better with or without >> such a beast, or better waiting a while until the security >> thing did get fixed. >> >> I can imagine an argument might ensue about that;-) >> ... > > If we just need a new authentication scheme, nothing stops people from > working on that right now. I don't agree with you there - the perceived low probability that something will be deployed is a real disincentive here. We have had people wanting to do work on this and have been told there's no point because it won't get adopted. > I don't see how that should affect HTTP/2.0. Well, a number of people have noticed that current schemes are getting long in the tooth and fixing stuff like that when you do a major rev of a protocol is quite a reasonable thing to do. > If the "right" way to do security needs changes in the HTTP/1.1 > authentication framework, then we should fix/augment/tune HTTP/1.1. It's > not going to go away anytime soon. Sure, I agree with that and think the plan above allows for it. S > > Best regards, Julian >
Received on Saturday, 25 February 2012 14:13:52 UTC