- From: James <james.ietf@gmail.com>
- Date: Thu, 14 May 2020 16:32:46 +0100
- To: ietf-http-wg@w3.org
I've had a brief review of this document and have a comment to a part of the security considerations: > This means that a secure transport layer must be used, like TLS. The termination of such a secure layer MUST also terminate any ongoing SASL handshakes. Isn't this incompatible with use cases where TLS termination is separated from the processing of the HTTP request such is common in CDNs, or where a trusted proxy is involved? - J On 05/05/2020 23:11, Tommy Pauly wrote: > Hello HTTPbis, > > At the virtual meeting of secdispatch at IETF 107, a proposal for SASL in HTTP was presented. The outcome of that discussion was to discuss it at the next HTTPbis meeting. > > This document is on our virtual interim agenda for May 19 (https://github.com/httpwg/wg-materials/blob/gh-pages/interim-20-05/agenda.md): > > https://tools.ietf.org/html/draft-vanrein-httpauth-sasl-04 > > There was some brief discussion on the mailing list about this document in January, but there hasn’t been substantial discussion since. Ahead of our virtual meeting, it’d be great to get a few more eyes on this document and have some reviews or thoughts posted to the list. > > Thanks! > Tommy (as co-chair)
Received on Thursday, 14 May 2020 15:33:03 UTC