- From: Eliot Lear <lear@cisco.com>
- Date: Thu, 07 Jun 2007 18:52:56 +0000
- To: Paul Hoffman <phoffman@imc.org>
- Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, Apps Discuss <discuss@apps.ietf.org>
Paul Hoffman wrote: > draft-hartman-webauth-phishing generated no significant follow-on > discussion that I can see (I would be happy to be mistaken). There are > little bits of discussion here and there, but no momentum. Without a > strong push from the Apps area for this work, I suspect that it will > not happen or, if it does happen in a limited fashion, the results > will not be widely adopted in implementations. I am forced to agree (sadly). We all need a good kick in the pants on this one. Sam has put together what I think is a fairly provocative requirements document (he provoked me to make a comment and a contribution or two ;-). Given the lack luster response, I don't think even I can support my early desire to see the security considerations of HTTP dealt with, and the situation is truly abysmal. And so I think we need to have two groups, and it's not even clear that we have enough support for the 2nd, right now. I'm CC'ing Sam, by the way, who can perhaps more accurately respond to what comments he's gotten. Eliot
Received on Thursday, 7 June 2007 20:04:51 UTC