- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 21 Feb 2012 19:33:08 +0100
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- CC: iesg@ietf.org, IETF-Discussion <ietf@ietf.org>, mnot@mnot.net, ietf-http-wg@w3.org
On 2012-02-21 19:26, Stephen Farrell wrote: > > Down below, for the proposed HTTP/2.0 work it says: > > > * Reflecting modern security requirements and practices > > In some earlier discussion I asked what "modern" means > there. It seems to mean at least working well with TLS, > but I'm not sure what else is meant, if anything. > > In particular, I think it'd be good to try get better > (more usable, more secure etc.) HTTP authentication > defined as a built-in part of HTTP/2.0. > > My initial take is that if we're not going to do this > for a major revision of the protocol, then when are we > going to do it? So I'd like to see that included. > > The counter argument offered was that better HTTP > authentication is complex and probably hard to get right > and so would be better handled separately. I believe this should be orthogonal to HTTP/2.0. Is there a specific thing that makes it impossible to use the existing authentication framework? > ... Best regards, Julian
Received on Tuesday, 21 February 2012 18:33:38 UTC