Re: [Ietf-http-auth] Updating RFC 2617 (HTTP Digest) to use UTF-8

I would expect that any new Proposed Standard RFC would have to take  
into account the heightened expectations around mandatory-to- 
implement security technologies.  Updates to previous RFCs would not  
necessarily be immune to that.  I believe it's very important to  
clarify what HTTP clients and servers do need to support to provide  
adequate security for modern applications -- HTTP is hardly immune to  
attacks, and authentication technology is one of the failing pieces  
here which allows those attacks.  See for example the discussion at  
the Web Authentication Enhancements BoF at the last IETF <http://>.


On Oct 16, 2006, at 4:37 PM, Robert Sayre wrote:

> On 10/16/06, Lisa Dusseault <> wrote:
>>  I strongly support efforts to update these specs so
>> let me know how I can help as AD or if there are any questions I can
>> answer.
> Hi Lisa,
> How do efforts to update these specs relate to the normative folklore
> regarding mandatory to implement security technologies?
> -- 
> Robert Sayre

Received on Tuesday, 17 October 2006 20:47:19 UTC