Re: PEP Integration in RTSP

Ross Patterson wrote:
> 
> http-wg@cuckoo.hpl.hp.com writes:
> 
> >The authors of RTSP [1] and authors of PEP [2] have been discussing how to
> >integrate PEP into RTSP as the standard extension mechanism for RTSP.  The
> >authors of RTSP have very strong consensus now that we will use PEP, and
> >the only question remains:  how will this be integrated?
> 
> Some of us, myself included, don't believe PEP is such a great idea.
> Its bias towards nonstandard extensions with downloadable
> implementations just doesn't jive with the '90s "safe computing" world.

I don't think (speaking for the RTSP authors, at least) that we
anticipated downloadable extensions. I seem to remember from the PEP
draft that the URLs serve to (a) identify (b) describe the extensions. I
don't see how downloadable extensions would work, given the diversity of
servers, platforms, languages, etc. As far as I can tell, the draft
doesn't mention downloadable extensions.

> I'll have a very hard time convincing any of my customers to download
> anything into the webservers my company sold them, no matter who's
> responsible for the code.  My personal expectation (not necessarily
> Sterling Software's, as we haven't discussed PEP much) is that PEP in
> the traditionally high-security, high-reliability mainframe world is
> dead on arrival.  I've held off commenting to date as I expect this is
> both a minority viewpoint and an environment where no matter what
> changes are made (short of using URNs to identify already-embedded
> "extensions"), any form of PEP will be simply unacceptable.
> 

> Ross Patterson
> Sterling Software, Inc.
> VM Software Division

-- 
Henning Schulzrinne         email: schulzrinne@cs.columbia.edu
Dept. of Computer Science   phone: +1 212 939-7042
Columbia University         fax:   +1 212 666-0140
New York, NY 10027          URL:   http://www.cs.columbia.edu/~hgs

Received on Saturday, 17 May 1997 06:55:27 UTC