RE: Straw-man charter for http-bis -- call for errata/clarifications to 2617 from Henrik Nordstrom on 2007-05-31 (ietf-http-wg@w3.org from April to June 2007)

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Fri, 01 Jun 2007 00:12:23 +0200
To: Paul Leach <paulle@windows.microsoft.com>
Cc: Eric Lawrence <ericlaw@exchange.microsoft.com>, Cyrus Daboo <cyrus@daboo.name>, ietf-http-wg@w3.org
Message-Id: <1180649543.5423.40.camel@henriknordstrom.net>

tor 2007-05-31 klockan 14:54 -0700 skrev Paul Leach:

> 1. The requirements (use of connection-keep-alive, proxy issues, etc)
> for secure use of per-connection authentication could be described in
> 2617bis.  AFAIK, these could reflect some actual implementation
> experience.

Connection oriented authentication requires support in the base HTTP
specs for such schemes, as it has far going implications on transport
and message requirements.

Would be more fruitful to rework NTLM/Negotiate to fit in the HTTP
message model I think, operating somewhat similar in principle (but
obviously not algorithm) to Digest MD5-sess with a virtual session
identifier separate from the transport connection.

Such work would fit nicely in RFC2617bis.

Regards
Henrik

Received on Thursday, 31 May 2007 22:12:39 UTC