- From: Peter Saint-Andre <stpeter@stpeter.im>
- Date: Wed, 22 Feb 2012 14:18:46 -0700
- To: Paul Hoffman <paul.hoffman@vpnc.org>
- CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>, ietf-http-wg@w3.org, The IESG <iesg@ietf.org>, IETF-Discussion <ietf@ietf.org>
On 2/22/12 11:39 AM, Paul Hoffman wrote: > On Feb 22, 2012, at 10:35 AM, Stephen Farrell wrote: > >> Regardless of that you do have a fair point that asking apps folks >> to do stuff that'll please security folks might be asking for >> trouble:-) >> >> However, the counter to that is that security folks doing stuff >> without enough apps input might produce something that won't get >> adopted which also doesn't produce the right end result. >> >> Anyway, I think this topic, if tackled, won't lack interested >> participants and will get plenty of security and apps input no >> matter how we organise it. > > > Peter St.Andre's suggestion of a separate WG to deal specifically > with HTTP authentication seems like the best way to be sure both sets > of parties are fully involved. If the IESG charters it within the > next few months, the HTTP 2.0 work can be informed by any changes (if > any) that are needed. By the way, I forwarded this message to the http-auth@ietf.org list (yes, we already have a discussion list for these topics). The small sample of replies indicates that (1) folks would prefer to broaden the topic to web authentication, not strictly HTTP authentication and (2) not everyone who is interested in these topics subscribes to the more general ietf-http-wg@w3.org list. Peter -- Peter Saint-Andre https://stpeter.im/
Received on Wednesday, 22 February 2012 21:19:16 UTC