Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

On 02/25/2012 02:20 PM, Julian Reschke wrote:
> On 2012-02-25 15:13, Stephen Farrell wrote:
>> On 02/25/2012 02:03 PM, Julian Reschke wrote:
>>>
>>> If we just need a new authentication scheme, nothing stops people from
>>> working on that right now.
>>
>> I don't agree with you there - the perceived low probability that
>> something will be deployed is a real disincentive here. We have had
>> people wanting to do work on this and have been told there's no point
>> because it won't get adopted.
>
> Just checking: so you think what's needed is a normative requirement to
> implement the new scheme? Do you really believe that that's what holding
> up improvements in this area?

The first thing is not something I said and I don't know quite what
it means so its also not something I believe. I therefore also do not
believe the 2nd thing.

>> > I don't see how that should affect HTTP/2.0.
>>
>> Well, a number of people have noticed that current schemes
>> are getting long in the tooth and fixing stuff like that when
>> you do a major rev of a protocol is quite a reasonable thing
>> to do.
>
> If there's something from with the framework, let's fix the framework.
> That's already covered by the current charter, no?

I don't think fixing or changing the framework will give us better
auth schemes by itself. (Better auth schemes may or may not require
changes to the framework, I dunno.)

So I think you're raising a side issue here really.

S

>>> If the "right" way to do security needs changes in the HTTP/1.1
>>> authentication framework, then we should fix/augment/tune HTTP/1.1. It's
>>> not going to go away anytime soon.
>>
>> Sure, I agree with that and think the plan above allows for it.
>
> My point being: this is something we already do in httpbis. What's
> missing is concrete bug reports.
>
> Best regards, Julian
>
>

Received on Saturday, 25 February 2012 17:45:02 UTC