W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sat, 25 Feb 2012 15:20:36 +0100
Message-ID: <4F48EE34.3020504@gmx.de>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: IETF-Discussion <ietf@ietf.org>, "Roy T. Fielding" <fielding@gbiv.com>, Paul Hoffman <paul.hoffman@vpnc.org>, Mark Nottingham <mnot@mnot.net>, Tim Bray <tbray@textuality.com>, The IESG <iesg@ietf.org>, ietf-http-wg@w3.org
On 2012-02-25 15:13, Stephen Farrell wrote:
>
>
> On 02/25/2012 02:03 PM, Julian Reschke wrote:
>> On 2012-02-25 14:46, Stephen Farrell wrote:
>>> ...
>>> Yeah that's a tricky one. While one might like to
>>> see "one or more" in both places that might not be
>>> practical.
>>>
>>> In the proposal above the goal is that httpbis pick one
>>> or more but recognising the reality that we might not get
>>> a new proposal that httpbis will accept and that folks
>>> will really implement and deploy.
>>>
>>> So:
>>> Goal = one or more
>>> Reluctant recognition of reality = zero or more
>>>
>>> With this plan if httpbis in fact select zero new proposals
>>> that would represent a failure for all concerned. The "zero
>>> or more" term is absolutely not intended to provide a way to
>>> just punt on the question.
>>>
>>> Such a failure at the point where httpbis was re-chartering
>>> to work on a HTTP/2.0 selection with no better security than
>>> we now have is probably better evaluated as a whole - I
>>> guess the question for the IETF/IESG at that point would
>>> be whether the Internet would be better with or without
>>> such a beast, or better waiting a while until the security
>>> thing did get fixed.
>>>
>>> I can imagine an argument might ensue about that;-)
>>> ...
>>
>> If we just need a new authentication scheme, nothing stops people from
>> working on that right now.
>
> I don't agree with you there - the perceived low probability that
> something will be deployed is a real disincentive here. We have had
> people wanting to do work on this and have been told there's no point
> because it won't get adopted.

Just checking: so you think what's needed is a normative requirement to 
implement the new scheme? Do you really believe that that's what holding 
up improvements in this area?

>  > I don't see how that should affect HTTP/2.0.
>
> Well, a number of people have noticed that current schemes
> are getting long in the tooth and fixing stuff like that when
> you do a major rev of a protocol is quite a reasonable thing
> to do.

If there's something from with the framework, let's fix the framework. 
That's already covered by the current charter, no?

>> If the "right" way to do security needs changes in the HTTP/1.1
>> authentication framework, then we should fix/augment/tune HTTP/1.1. It's
>> not going to go away anytime soon.
>
> Sure, I agree with that and think the plan above allows for it.

My point being: this is something we already do in httpbis. What's 
missing is concrete bug reports.

Best regards, Julian
Received on Saturday, 25 February 2012 14:21:23 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT