W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2007

Re: HTTPBis BOF followup - should RFC 2817/2818 be in scope for the WG?

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Thu, 30 Aug 2007 01:55:38 +0200
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <1188431738.28577.76.camel@henriknordstrom.net>
On lör, 2007-08-11 at 17:30 +0100, Alexey Melnikov wrote:

> Please chose one of the following answers:
> 1). No
> 2). Yes, only add RFC 2818bis to the charter
> 3). Yes, only add RFC 2817bis to the charter
> 4). Yes, add both RFC 2817bis and RFC 2818bis to the charter
> 5). Maybe (this includes "yes, but when the WG completes the currently 
> proposed milestones" and "yes, but this should be done in another WG")
> 6). I have another opinion, which is ....


Not convinced they need a revision. But I also have not studied them in
full detail. From a quick reading they do seem to contain a bit too much
details and should be cut down, for example referencing the HTTP/1.1
message delimiting rules instead of miserably trying to mirror it

I consider it within the charter to consider if a reference to add a
reference to these from the HTTP/1.1 security considerations section
reasonable, and probably desireable.

It's also worth noting that I don't see it likely that RFC2817 will ever
get any momentum given how wide spread HTTP over TLS is combined with
the lack of capability negotiation in HTTP and it's resulting security
issues of having to first send the request in plain in order to discover
the TLS capability of the server. This is quite different from the other
IETF protocols having "TLS upgrade" capabilities.. (i.e. IMAP, SMTP,
POP, etc.. all negotiate the TLS upgrade before the acutal request
exchange, as part of the normal negotiation phase of respective

I do concider it fully in scope to incorporate the definition of CONNECT
into HTTP/1.1.


Received on Wednesday, 29 August 2007 23:55:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:31 UTC