W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: draft-montenegro-httpbis-multilegged-auth-01

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 10 Jul 2012 11:10:12 +1000
Cc: 'Alexey Melnikov' <alexey.melnikov@isode.com>, 'Yutaka OIWA' <y.oiwa@aist.go.jp>, 'HTTP Working Group' <ietf-http-wg@w3.org>
Message-Id: <0258B01C-6FA6-4E12-97DE-F5F332FEB481@mnot.net>
To: Jonathan Silvera <jsilvera@microsoft.com>

On 10/07/2012, at 7:16 AM, Jonathan Silvera wrote:

> Dear Yutaka
> 
> Supporting legacy authentication schemes, should not be the question to ask ourselves. While these schemes are labeled as "broken" in HTTP 1.1, in reality they are deployed and working. If multiplexing  becomes a part of HTTP 2.0, as it is likely to be, these will be 'broken' not just in label, but in reality. 

The problem is that they may be deployed and working, but only at the cost of lots of pain and by other implementers (especially intermediaries). I.e., they're only "working" because people have worked around them.


> The compatibility requirement of the HTTP 2.0 WG charter does not allow us to eliminate legacy schemes, as previous applications are supposed to keep on working, regardless of whether they are labeled as 'broken" for HTTP 1.1 or not.

That's your interpretation. The charter doesn't require HTTP 2.0 to accommodate *every* use of HTTP, especially when it's being used -- or extended -- in a non-conformant way.

If we can satisfy these use cases by making some changes to them, that's great, but let's not call it "fixing HTTP."

Regards,


--
Mark Nottingham   http://www.mnot.net/
Received on Tuesday, 10 July 2012 01:10:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 10 July 2012 01:10:46 GMT