RE: Digest mess

> I agree.
> (feel free to correct me if Im wrong..)

> There seems to be a lot of other protocols
> or efforts which depend on HTTP um, security.
> By having digest, they meet the IETF security
> requirements, and may proceed.
> If digest fails or comes out of the spec, this
> will derail other efforts as well.

Actually it could well be the other way around. If Digest continues on its
present course and continues not to be implemented there are going to be
problems moving to Draft Standard. And if Digest stalls at Proposed so will all
the things that depend on it.

On the other hand, if Digest is "fixed"  the most that will happen is that it
will reset to proposed. This is not a big deal -- the most it will cause is a
delay. And if the "fix" facilitates implementation it will end up facilitating
the advancement of other work that depends on it.

The point I'm trying to make here is that continuing on the present course may
be the one thing that really isn't an option. So the question then becomes,
which change to Digest that's currently under consideration will facilitate
deployment and hence help the process along? (I do not pretend to know the
answer to this.)

> I know that we're supposed to avoid favoring
> "process" over technical soundness, but in this
> case, I dont think that applies.

I think process issues do apply, although the way in which they do
may not be obvious.


Received on Wednesday, 7 January 1998 11:40:58 UTC