Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

Julian Reschke wrote on 6/7/07 18:01 +0200:
> maybe things become clearer if we consider re-organizing the security stuff?
>
> Currently,
>
> - RFC2616 refers (normatively?) to RFC2617 for authentication, and
>
> - RFC2617 defines a framework (Section 1.2) and two schemes (Basic and
> Digest).
>
> Assuming that there's no immediate need to change the framework defined in
> RFC2617, Section 1.2, wouldn't it make sense to:
>
> - Move the authentication framework itself into RFC2616bis, and
>
> - to then publish stand-alone documents upgrading/fixing both Basic and
> Digest?
>
> The benefits being:
>
> - RFC2616bis doesn't have the dependency on its sister spec anymore, which
> suffers from Basic and Digest problems, and
>
> - Basic, Digest and new schemes could evolve independently.

Sounds like an idea worth considering to me.  In past cases where Apps has 
bundled authentication mechanisms with general frameworks (e.g. RFC 1731, 
2595), the mechanisms have invariably been split away from the framework for 
one reason or another.

                - Chris

Received on Friday, 8 June 2007 19:00:42 UTC