- From: Peter Saint-Andre <stpeter@stpeter.im>
- Date: Wed, 22 Feb 2012 10:39:14 -0700
- To: Paul Hoffman <paul.hoffman@vpnc.org>
- CC: The IESG <iesg@ietf.org>, IETF-Discussion <ietf@ietf.org>, ietf-http-wg@w3.org
On 2/22/12 10:31 AM, Paul Hoffman wrote: > The earnest calls for better authentication on this thread appear to > ignore the fact that the very things that are being requested were > put out of scope for the websec WG in their charter. I hope that no > one things that a WG in the Applications Area will be better equipped > to come up with a better authentication mechanism than one in the > Security Area. The WebSec WG is in the Applications Area. > Asking the HTTPheads to guess what the securityheads might want is > not a good way to design HTTP 2.0. Probably not. > Proposal: leave the httpbis WG charter as-is and re-charter the > websec WG to consider what is needed in the HTTP authentication > model. Later, recharter the websec WG to, you know, actually do the > security work for authentication. Or charter a separate WG to focus on HTTP authentication. (You might recall that the BoF leading to formation of the WebSec WG was entitled HASMAT = "HTTP Application Security Minus Authentication and Transport" or somesuch.) Peter -- Peter Saint-Andre https://stpeter.im/
Received on Wednesday, 22 February 2012 17:39:48 UTC