W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

From: Henrik Nordström <henrik@henriknordstrom.net>
Date: Wed, 29 Feb 2012 20:55:24 +0100
Message-ID: <1330545324.24673.22.camel@home.hno.se>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Julian Reschke <julian.reschke@gmx.de>, IETF-Discussion <ietf@ietf.org>, "Roy T. Fielding" <fielding@gbiv.com>, Paul Hoffman <paul.hoffman@vpnc.org>, Mark Nottingham <mnot@mnot.net>, Tim Bray <tbray@textuality.com>, The IESG <iesg@ietf.org>, ietf-http-wg@w3.org
lör 2012-02-25 klockan 14:13 +0000 skrev Stephen Farrell:

> I don't agree with you there - the perceived low probability that
> something will be deployed is a real disincentive here. We have had
> people wanting to do work on this and have been told there's no point
> because it won't get adopted.

I do not agree that getting new auth schemes deployed if they do make
sense is such big problem in the longer scope.

We have already had two new auth schemes deployed within HTTP/1.1 during
the lifetime of HTTP/1.1 and which is in wide scale use today across
numerous different implementations. And these doesn't even followin HTTP
semantics...

A beauty of HTTP auth model here is that it can downgrade nicely,
allowing old clients to continue working only not gaining the benefits
of the new auth model. But that obviously have security implications as
well if newer user-agents can be fooled into downgrading.

Regards
Henrik
Received on Wednesday, 29 February 2012 19:56:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT