W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Discussion of Mandatory TLS in HTTP/2.0

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 20 Jul 2012 09:52:08 +1000
Cc: Ross Nicoll <jrn@jrn.me.uk>, Phillip Hallam-Baker <hallam@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <56B6AE64-C56C-424E-87D6-A41D88F8ABB3@mnot.net>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
PHK - 

Talking about possible new authentication schemes *is* in our current scope.

Thanks,


On 20/07/2012, at 12:47 AM, Poul-Henning Kamp wrote:

> In message <50081C8B.4010006@jrn.me.uk>, Ross Nicoll writes:
> 
>> I'm guessing the idea would be to write an HTTP authentication protocol 
>> that uses [...]
> 
> All I can see HTTP doing, is transport opaque tokens forth and back.
> 
> If we design the protocol to do that well enough, it will support
> any identification/authentication protocol you care to put on top of
> it today or at a later date.
> 
> Adding "solving the second hardest problem in cryptography" to our
> TODO list, is scope-creep.
> 
> 
> -- 
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe    
> Never attribute to malice what can adequately be explained by incompetence.

--
Mark Nottingham   http://www.mnot.net/
Received on Thursday, 19 July 2012 23:52:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 19 July 2012 23:52:41 GMT