W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: HTTP2 Expression of Interest: curl

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Fri, 13 Jul 2012 11:40:30 +0100
Message-ID: <4FFFFB1E.7080008@cs.tcd.ie>
To: Daniel Stenberg <daniel@haxx.se>
CC: HTTP Working Group <ietf-http-wg@w3.org>, libcurl hacking <curl-library@cool.haxx.se>

Hi Daniel,

On 07/12/2012 10:16 PM, Daniel Stenberg wrote:
> 
> Similar to the HTTP protocol, we intend to support any widely adopted
> authentication protocols. The HOBA, SCRAM and Mutual auth suggestions
> all seem perfectly doable and fine in my perspective.

Great.

> However, if there's no proper logout mechanism provided for HTTP auth I
> don't forsee any particular desire from browser vendor or web site
> creators to use any of these just like they don't use the older ones
> either to any significant extent. 

This may be my ignorance but what'd be a "proper logout mechanism"?
Maybe someone's documented requirements or a wish-list somewhere?

I put in a bit on this in the hoba draft, (but to be honest, without
really understanding much about it:-), so I'd love to know a bit more
about what's needed, e.g. how ought it affect cookies, TLS session
resume, etc. etc.

Ta,
S.
Received on Friday, 13 July 2012 10:41:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 13 July 2012 10:41:08 GMT