RE: Straw-man charter for http-bis

For a long time, the IESG has required that all new protocols have a
"security considerations" section. I have not heard that that has
changed to a more stringent mandate. For many protocols, including HTTP,
that section would have to show that they are securable. However, in
addition, IMO it is obvious that for HTTP, that section also says that
anonymous clients and unauthenticated servers are OK in many
circumstances, and here are the mechanisms that can be used when it
isn't OK.

-----Original Message-----
From: Justin Erenkrantz
Sent: Thursday, June 07, 2007 1:57 PM

<snip>

Furthermore, my understanding is that IESG now requires all new
protocols to always be secure.  

Received on Thursday, 7 June 2007 18:04:28 UTC