- From: Keith Moore <moore@cs.utk.edu>
- Date: Thu, 31 May 2007 11:26:15 -0400
- To: Mark Nottingham <mnot@mnot.net>
- CC: Eliot Lear <lear@cisco.com>, Yves Lafon <ylafon@w3.org>, Paul Hoffman <phoffman@imc.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, Apps Discuss <discuss@apps.ietf.org>
Mark Nottingham wrote: > Considering the scope of 2616bis is errata, and explicitly not new > features/mechanisms, I'm not sure I follow. Do you think that > designing new auth mechanisms will expose new errata? > > My initial thought is that it's much more likely that it'll require > who new features, or no changes to HTTP at all. I think it likely that some minor enhancements to HTTP will be needed by a new authentication method. However I don't know that this would require an update to the base HTTP specification; a separate document might be sufficient. The more I think about it, the more I believe that a separate working group for HTTP security is needed. This work should not need to be critical path for httpbis.
Received on Thursday, 31 May 2007 15:27:52 UTC