- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sat, 25 Feb 2012 15:03:55 +0100
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- CC: Mark Nottingham <mnot@mnot.net>, IETF-Discussion <ietf@ietf.org>, "Roy T. Fielding" <fielding@gbiv.com>, Paul Hoffman <paul.hoffman@vpnc.org>, Tim Bray <tbray@textuality.com>, The IESG <iesg@ietf.org>, ietf-http-wg@w3.org
On 2012-02-25 14:46, Stephen Farrell wrote: > ... > Yeah that's a tricky one. While one might like to > see "one or more" in both places that might not be > practical. > > In the proposal above the goal is that httpbis pick one > or more but recognising the reality that we might not get > a new proposal that httpbis will accept and that folks > will really implement and deploy. > > So: > Goal = one or more > Reluctant recognition of reality = zero or more > > With this plan if httpbis in fact select zero new proposals > that would represent a failure for all concerned. The "zero > or more" term is absolutely not intended to provide a way to > just punt on the question. > > Such a failure at the point where httpbis was re-chartering > to work on a HTTP/2.0 selection with no better security than > we now have is probably better evaluated as a whole - I > guess the question for the IETF/IESG at that point would > be whether the Internet would be better with or without > such a beast, or better waiting a while until the security > thing did get fixed. > > I can imagine an argument might ensue about that;-) > ... If we just need a new authentication scheme, nothing stops people from working on that right now. I don't see how that should affect HTTP/2.0. If the "right" way to do security needs changes in the HTTP/1.1 authentication framework, then we should fix/augment/tune HTTP/1.1. It's not going to go away anytime soon. Best regards, Julian
Received on Saturday, 25 February 2012 14:04:42 UTC