Re: Straw-man charter for http-bis -- call for errata/clarifications to 2617 from Henrik Nordstrom on 2007-05-31 (ietf-http-wg@w3.org from April to June 2007)

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Thu, 31 May 2007 23:35:27 +0200
To: Cyrus Daboo <cyrus@daboo.name>
Cc: Robert Sayre <sayrer@gmail.com>, Mark Nottingham <mnot@mnot.net>, Larry Masinter <LMM@acm.org>, Eliot Lear <lear@cisco.com>, Julian Reschke <julian.reschke@gmx.de>, Paul Hoffman <phoffman@imc.org>, Apps Discuss <discuss@apps.ietf.org>, ietf-http-wg@w3.org
Message-Id: <1180647327.5423.9.camel@henriknordstrom.net>

tor 2007-05-31 klockan 17:16 -0400 skrev Cyrus Daboo:

> Well there is already RFC4559 and some folks in the security area were 
> working on tidying that up a bit more for a proposed standard.

Sure, but it doesn't make it follow the HTTP specs any better.

It's not very visible when reading the rfc until one gets to the
security considerations section, or alternatively study how the "scheme"
actually operates on the wire.

NTLM and Negotiate is not HTTP authentication schemes, it's something
completely different masqueraded to look like HTTP authentication at a
first glance, but with far going implications on the HTTP message,
transport and security models.

Regards
Henrik

Received on Thursday, 31 May 2007 21:35:41 UTC