- From: Mark Nottingham <mnot@mnot.net>
- Date: Fri, 3 Feb 2012 11:58:59 +1100
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 03/02/2012, at 12:34 AM, Julian Reschke wrote: > On 2012-01-24 04:55, Mark Nottingham wrote: >> ... >> Feb 2012 Working Group Last Call for HTTP Security Properties >> ... > > Out of curiosity: this document hasn't changes since March 2010. Do we plan to do any additional work on it? That's a good question. Originally, this document was put into our charter to address the need for Mandatory-to-Implement security in HTTP; since we couldn't make it a hard requirement, it was thought that educating users / implementers / administrators was the next best thing. In the meantime, it's been difficult to get forward momentum on the document (perhaps because it is so broad, and because for it to be useful, it needs to be detailed; however, if it's detailed, it will likely become stale quickly, IMO). We should discuss this as part of re-chartering; if HTTP/2.0 has MTI security, it could change things. Regards, -- Mark Nottingham http://www.mnot.net/
Received on Friday, 3 February 2012 00:59:40 UTC