- From: Jim Gettys <frystyk@w3.org>
- Date: Wed, 10 Feb 1999 11:13:02 -0500
- To: ietf-http-ng@w3.org
I had a conversation with some of the serious security guru's (Steve Bellovin in particular) in Orlando about mux, and where security would go in it. The conclusion we had come to in our design work was that it belonged either above, or below the mux layer, depending on the application, but that a mux itself did not need to address this (other than security considerations of its use, of course; for example, fate sharing as denial of service attack, etc.)). Steve gave it a few minutes thought, and agreed with our beliefs. I don't think it should end there, I'd like a bit more thought out of people like Steve before we say "it is mostly not our problem; don't shoot yourself in the foot with it by doing the following N dumb things", but I suspect it isn't a huge problem. I think the charter should, however, be clear that we need to get careful review of the security considerations section by systems security experts. - Jim
Received on Wednesday, 10 February 1999 11:13:04 UTC