- From: Mark Nottingham <mnot@mnot.net>
- Date: Fri, 24 Feb 2012 13:47:18 +1100
- To: Roy T. Fielding <fielding@gbiv.com>
- Cc: Tim Bray <tbray@textuality.com>, Peter Saint-Andre <stpeter@stpeter.im>, ietf-http-wg@w3.org, IETF-Discussion <ietf@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, The IESG <iesg@ietf.org>
On 24/02/2012, at 12:24 PM, Roy T. Fielding wrote: > On Feb 23, 2012, at 5:18 PM, Tim Bray wrote: >> On Thu, Feb 23, 2012 at 5:13 PM, Roy T. Fielding <fielding@gbiv.com> wrote: >> >>> How many times do we have to do this before we declare insanity? >>> I don't care how much risk it adds to the HTTP charter. They are >>> all just meaningless deadlines anyway. If we want HTTP to have >>> something other than Basic (1993) and Digest (1995) authentication, >>> then it had better be part of *this* charter so that the proposals >>> can address them. >> >> Well, Digest already isn't used by anyone :) > > A popular misconception because it works unseen. See tools.ietf.org > >> Seriously, someone needs to propose some charter language or this >> discussion is a no-op. -Tim > > "Proposals for new HTTP authentication schemes are in scope." No one has said they're out of scope; this discussion has been about whether -- at this point in time, before we have proposals -- we require the outcome to jump through some particular hoop regarding security. Cheers, -- Mark Nottingham http://www.mnot.net/
Received on Friday, 24 February 2012 02:47:51 UTC