- From: Keith Moore <moore@cs.utk.edu>
- Date: Thu, 07 Jun 2007 12:10:46 -0400
- To: Julian Reschke <julian.reschke@gmx.de>
- CC: Paul Hoffman <phoffman@imc.org>, Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

no. deprecate 2617. deprecate the framework that is in 2616. HTTP security needs a clean slate approach.

> maybe things become clearer if we consider re-organizing the security
> stuff?
>
> Currently,
>
> - RFC2616 refers (normatively?) to RFC2617 for authentication, and
>
> - RFC2617 defines a framework (Section 1.2) and two schemes (Basic and
> Digest).
>
> Assuming that there's no immediate need to change the framework
> defined in RFC2617, Section 1.2, wouldn't it make sense to:
>
> - Move the authentication framework itself into RFC2616bis, and
>
> - to then publish stand-alone documents upgrading/fixing both Basic
> and Digest?
>
> The benefits being:
>
> - RFC2616bis doesn't have the dependency on its sister spec anymore,
> which suffers from Basic and Digest problems, and
>
> - Basic, Digest and new schemes could evolve independently.
>
> Best regards, Julian

Received on Thursday, 7 June 2007 16:12:47 UTC