Re: security requirements

Right Stefan.

To expand even further on that: requiring a MTI security mechanism for a 
theoretical HTTP/1.2 spec may be a good thing. Requiring it for a 
potential revision of HTTP/1.1 IMHO doesn't work, because today there is 
no common approach one could document; that is, a revision would break 
conforming implementations.

But Robert's complaint was triggered by the IESG asking for that kind of 
security mechanism for specs that just happen to *use* HTTP, such as 
AtomPub, CalDAV or XCAP. Those are applications of HTTP, not new protocols.

Best regards, Julian

Received on Friday, 20 October 2006 10:11:32 UTC