- From: Nico Williams <nico@cryptonector.com>
- Date: Fri, 13 Jul 2012 16:20:44 -0500
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>

On Fri, Jul 13, 2012 at 4:11 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> In message <CAK3OfOh7P1pdf91UFA8xj6nxj+c0__Bg11HZHy83mAbbBwFmgg@mail.gmail.com>, Nico Williams writes:
>
> You seem to overlook half of my argument: It is both a matter of
> API design *AND* lugging around tons of unnecessary code.

Who said you have to? You don't even need to use the GSS-API itself to access GSS mechanisms.

I'm using the GSS-API in REST-GSS not because I expect apps to "lug around" complete GSS implementations, but because it helps produce a more formal specification. I'm using the *abstract* API. Implementors are free to not use the API at all yet still interop.

>>> Crypto for HTTP/2.0 should be specified in a way which is very hard
>>> to do wrong, not very hard to do right.
>>
>> I agree violently.
>
> So let's start from there, if we ever get a chance.

See the above.

Nico

Received on Friday, 13 July 2012 21:21:07 UTC