W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sat, 25 Feb 2012 17:44:34 +0000
Message-ID: <4F491E02.9020207@cs.tcd.ie>
To: Julian Reschke <julian.reschke@gmx.de>
CC: IETF-Discussion <ietf@ietf.org>, "Roy T. Fielding" <fielding@gbiv.com>, Paul Hoffman <paul.hoffman@vpnc.org>, Mark Nottingham <mnot@mnot.net>, Tim Bray <tbray@textuality.com>, The IESG <iesg@ietf.org>, ietf-http-wg@w3.org


On 02/25/2012 02:20 PM, Julian Reschke wrote:
> On 2012-02-25 15:13, Stephen Farrell wrote:
>> On 02/25/2012 02:03 PM, Julian Reschke wrote:
>>>
>>> If we just need a new authentication scheme, nothing stops people from
>>> working on that right now.
>>
>> I don't agree with you there - the perceived low probability that
>> something will be deployed is a real disincentive here. We have had
>> people wanting to do work on this and have been told there's no point
>> because it won't get adopted.
>
> Just checking: so you think what's needed is a normative requirement to
> implement the new scheme? Do you really believe that that's what holding
> up improvements in this area?

The first thing is not something I said and I don't know quite what
it means so its also not something I believe. I therefore also do not
believe the 2nd thing.

>> > I don't see how that should affect HTTP/2.0.
>>
>> Well, a number of people have noticed that current schemes
>> are getting long in the tooth and fixing stuff like that when
>> you do a major rev of a protocol is quite a reasonable thing
>> to do.
>
> If there's something from with the framework, let's fix the framework.
> That's already covered by the current charter, no?

I don't think fixing or changing the framework will give us better
auth schemes by itself. (Better auth schemes may or may not require
changes to the framework, I dunno.)

So I think you're raising a side issue here really.

S

>>> If the "right" way to do security needs changes in the HTTP/1.1
>>> authentication framework, then we should fix/augment/tune HTTP/1.1. It's
>>> not going to go away anytime soon.
>>
>> Sure, I agree with that and think the plan above allows for it.
>
> My point being: this is something we already do in httpbis. What's
> missing is concrete bug reports.
>
> Best regards, Julian
>
>
Received on Saturday, 25 February 2012 17:45:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT