Re: Discussion of Mandatory TLS in HTTP/2.0

PHK - 

Talking about possible new authentication schemes *is* in our current scope.

Thanks,


On 20/07/2012, at 12:47 AM, Poul-Henning Kamp wrote:

> In message <50081C8B.4010006@jrn.me.uk>, Ross Nicoll writes:
> 
>> I'm guessing the idea would be to write an HTTP authentication protocol 
>> that uses [...]
> 
> All I can see HTTP doing, is transport opaque tokens forth and back.
> 
> If we design the protocol to do that well enough, it will support
> any identification/authentication protocol you care to put on top of
> it today or at a later date.
> 
> Adding "solving the second hardest problem in cryptography" to our
> TODO list, is scope-creep.
> 
> 
> -- 
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe    
> Never attribute to malice what can adequately be explained by incompetence.

--
Mark Nottingham   http://www.mnot.net/

Received on Thursday, 19 July 2012 23:52:36 UTC