- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 30 May 2007 17:44:52 +0200
- To: Paul Hoffman <phoffman@imc.org>
- CC: Mark Nottingham <mnot@mnot.net>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, Apps Discuss <discuss@apps.ietf.org>
Paul Hoffman wrote: > The proposed charter has: > * Document the security properties of HTTP and its associated > mechanisms (e.g., Basic and Digest authentication, cookies, TLS) > for common applications > So, would obviously-needed changes to the associated mechanisms be in > scope for the WG, or not? I would have hoped that we can concentrate on revising RFC2616, and do just that. However, we got signals from IESG members that a revision of RFC2616 would not be accepted unless it improves the security story. IMHO a very bad idea. Fixing it needs, but that needs to be done somewhere else. >> Are there any specific extensions you have in mind? > > Definitely not. I was asking whether or not we want to clamp down on > charter creep now or later. :-) I'd prefer the charter to be as small & precise as possible. Best regards, Julian
Received on Wednesday, 30 May 2007 15:45:05 UTC