Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

On 10/17/06, Bjoern Hoehrmann <> wrote:
> * Robert Sayre wrote:
> >On 10/17/06, Lisa Dusseault <> wrote:
> >>
> >> Since there are so many ways to approach this, so many variations in
> >> what specs are revised and how they depend upon each other, I can't
> >> say whether I, or the IESG, expect a revision to RFC2616 to "step
> >> into" the area covered by RFC2617.
> >
> >Perhaps we should poll the HTTP community as a start. Does anyone
> >think mandatory-to-implement security mechanisms will be helpful and
> >realistic?
> Of course! Are you proposing to remove all the existing mandatory-to-
> implement security mechanisms in RFC 2616 and RFC 2617?


This is not a very helpful answer. Let me be more specific.

Does anyone think mandatory-to-implement authentication schemes or
transport-layer security mechanisms will be helpful and realistic?


Robert Sayre

"I would have written a shorter letter, but I did not have the time."

Received on Wednesday, 18 October 2006 00:38:21 UTC