Re: Ticket 237 (absorbing more of 2617), was: Minutes for Maastricht from Julian Reschke on 2010-07-29 (ietf-http-wg@w3.org from July to September 2010)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 29 Jul 2010 12:07:19 +0200
To: Mark Nottingham <mnot@mnot.net>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <4C5152D7.8000403@gmx.de>

On 28.07.2010 14:39, Julian Reschke wrote:
> Hi,
>
> we discussed the issue of absorbing more of RFC 2617 (everything excpet
> the actual schemes) during our meeting:
>
>> 4. RFC2617
>> mnot: part7 is the http auth framework, the meat of auth (basic and
>> digest) is in 2617
>> issues like i18n auth scheme registry might be addressed
>> a path could be to have basic and digest in one or two drafts,
>> framework in p7
>> Alexey: seems to be the right thing to do, having the framework in p7
>> is fine, other two documents will need a recharter
>> mnot: no changes needed as a first step to produce new documents, only
>> i18n will require changes
>> Alexey: reopening digest could be controversial
>> <Barry Leiba> Cyrus: I don't see that draft-ietf-vwrap-type-system
>> <http://tools.ietf.org/wg/vwrap/draft-ietf-vwrap-type-system/> has any
>> ref to RFC 2617. Checking whether I got the right doc when you said that.
>> <Barry Leiba> Never mind... 2817, not 2617.
>> mnot: if the recharter says that only editorial changes are made, it
>> could help.
>> Cyrus: not sure IESG will accept Digest as-is
>> Alexey: moving to historic might help. If somebody want to reopen
>> Basic and Digest, it would be better if it was in a WG
>> Cyrus: Mutual Auth is there as an example of new auth
>> mnot: we are not a security-related WG
>> <roy.fielding> How about defining a registry for auth schemes?
>> Alexey: that is a good idea (in response to Roy's comment)
>
> It appears there was agreement that we should remove the missing bits of
> the framework into Part 7, so I have opened ticket 237
> (<http://trac.tools.ietf.org/wg/httpbis/trac/ticket/237>) to track the
> work on this.
>
> For now I see (besides boilerplate and acks changes):
>
> - Section 1.2 (the actual framework), and
> - selected pieces of Section 4 (security considerations)

I just did some more research:

- we'll have to apply <http://www.rfc-editor.org/errata_search.php?eid=1959>

- also, it appears that all of 
<http://greenbytes.de/tech/webdav/rfc2617.html#security.considerations> 
is specific to Basic and Digest, thus we wouldn't need to copy them over...

Best regards, Julian

Received on Thursday, 29 July 2010 10:07:57 UTC