Re: Straw-man charter for http-bis -- call for errata/clarifications to 2617 from Cyrus Daboo on 2007-05-31 (ietf-http-wg@w3.org from April to June 2007)

From: Cyrus Daboo <cyrus@daboo.name>
Date: Thu, 31 May 2007 17:16:02 -0400
To: Henrik Nordstrom <henrik@henriknordstrom.net>
cc: Robert Sayre <sayrer@gmail.com>, Mark Nottingham <mnot@mnot.net>, Larry Masinter <LMM@acm.org>, Eliot Lear <lear@cisco.com>, Julian Reschke <julian.reschke@gmx.de>, Paul Hoffman <phoffman@imc.org>, Apps Discuss <discuss@apps.ietf.org>, ietf-http-wg@w3.org
Message-ID: <BE9343000CA9252766BBCA03@caldav.corp.apple.com>

Hi Henrik,

--On May 31, 2007 8:57:28 PM +0200 Henrik Nordstrom 
<henrik@henriknordstrom.net> wrote:

>> (form-based, cookie-based etc). We then have separate documents for each
>> of  the http-based schemes basic and digest - and we should add
>> Kerberos/SPNEGO  to that too.
>
> Note: Both Kerberos & SPNEGO both break the foundations laid out by
> RFC2616 and 2617, tying authentication to connections and not messages.

Well there is already RFC4559 and some folks in the security area were 
working on tidying that up a bit more for a proposed standard.

-- 
Cyrus Daboo

Received on Thursday, 31 May 2007 21:17:15 UTC