Protocol Action: Hypertext Transfer Protocol -- HTTP/1.1 to Draft Standard

The IESG has approved publication of the following Internet-Drafts as
Draft Standards:

 o Hypertext Transfer Protocol -- HTTP/1.1
	<draft-ietf-http-v11-spec-rev-06.txt>

   This document replaces RFC2068, currently a Proposed Standard.


 o HTTP Authentication: Basic and Digest Access Authentication 
	<draft-ietf-http-authentication-03.txt> 

   This document replaces RFC2069, currently a Proposed Standard.

These documents are the product of the HyperText Transfer Protocol
Working Group.  The IESG contact persons are Keith Moore and Patrik
Faltstrom.
 
 
Technical Summary
 
 HTTP/1.1 is the primary data transfer protocol used by the world
 wide web.  This Draft Standard revision contains numerous
 clarifications and corrections to its predecessor, RFC 2068.

 Basic Access Authentication is an insecure authentication method
 which was present in HTTP/1.0.  Even though it exposes the user's
 password to eavesdroppers, it is still needed for backward
 compatibility.  Digest Access Authentication is designed as
 an improvement to Basic authentication.  While Digest provides
 no confidentiality or integrity service, it at least provides
 improved protection (as compared to Basic) for the user's password.

Working Group Summary

 A large number of issues were debated at length.
 (The list of issues is documented at
 http://www.w3.org/Protocols/HTTP/Issues/
 and http://www.w3.org/Protocols/HTTP/Issues/DSI.html
 including pointers into the mailing list archive where the
 issue was discussed, and, usually, the resolution.)

 Many design choices were subtle and difficult.  HTTP has
 been widely implemented and extended by many different
 parties in a short amount of time, and this made it
 difficult to define the proper interaction between
 features originally specified by different parties.
 In addition, the interaction of multiple roles (browser,
 local cache, proxy, origin server, authentication service)
 and conflicting goals (performance, reliability, privacy,
 managability) made analysis of the choices more difficult.

 Most decisions were made quickly, but some required
 extensive discussion and multiple position papers.
 At least rough consensus was reached on all design choices.

Protocol Quality

 Keith Moore reviewed the spec for IESG.
 There are several implementations of HTTP/1.1, and at least two
 implementations of each protocol feature as required by RFC 2026
 for Draft Standard protocols.

Received on Monday, 8 March 1999 12:06:30 UTC