Re: security requirements

From: Robert Sayre <sayrer@gmail.com>
Date: Fri, 20 Oct 2006 13:26:59 -0400
Message-ID: <68fba5c50610201026i2b618d26g1f99963a81de3dd3@mail.gmail.com>
To: "Paul Leach" <paulle@windows.microsoft.com>
Cc: "HTTP Working Group" <ietf-http-wg@w3.org>

On 10/20/06, Paul Leach <paulle@windows.microsoft.com> wrote:
> it is a general principle
> of protocol design for any protocol that has options, in order to
> guarantee that conforming implementations can always be configured to
> interoperate. (This was in reaction to the ISO protocol mess with
> non-interoperable "profiles" of the 1980's.)

Oh, I agree that there's certainly a judgement call for Working Groups
to make on this sort of thing. But since the rules concern
implementations rather than deployments, MTI doesn't prevent the
actual threat to HTTP interoperability: centralized authentication
services. It's a backwards rule intended for companies shipping
routers and floppy discs. Web applications can route around it.


Robert Sayre
Received on Friday, 20 October 2006 17:27:18 UTC
