Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

Julian Reschke <julian.reschke@gmx.de> Thu, 07 June 2007 16:18 UTC

Return-path: <discuss-bounces@apps.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HwKgl-0000sT-Qy; Thu, 07 Jun 2007 12:18:19 -0400
Received: from discuss by megatron.ietf.org with local (Exim 4.43) id 1HwKgk-0000mV-Pn for discuss-confirm+ok@megatron.ietf.org; Thu, 07 Jun 2007 12:18:18 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HwKgk-0000kT-EG for discuss@apps.ietf.org; Thu, 07 Jun 2007 12:18:18 -0400
Received: from mail.gmx.net ([213.165.64.20]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1HwKgj-0003K7-1o for discuss@apps.ietf.org; Thu, 07 Jun 2007 12:18:18 -0400
Received: (qmail invoked by alias); 07 Jun 2007 16:18:15 -0000
Received: from p508F9544.dip0.t-ipconnect.de (EHLO [192.168.178.22]) [80.143.149.68] by mail.gmx.net (mp055) with SMTP; 07 Jun 2007 18:18:15 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1/vDV09khPvxRIy2zo8N8TwVRPzasw2YBE3Nw7+eT hXRkWtFRTzHkKZ
Message-ID: <46682FC5.5030204@gmx.de>
Date: Thu, 07 Jun 2007 18:18:13 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060516 Thunderbird/1.5.0.4 Mnenhy/0.7.4.666
MIME-Version: 1.0
To: Keith Moore <moore@cs.utk.edu>
Subject: Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis
References: <BA772834-227A-4C1B-9534-070C50DF05B3@mnot.net> <392C98BA-E7B8-44ED-964B-82FC48162924@mnot.net> <6AE049B9045C00064222693F@[10.1.110.5]> <p06240871c28dd59e7371@[10.20.30.108]> <46682BC9.9050504@gmx.de> <46682E06.7030603@cs.utk.edu>
In-Reply-To: <46682E06.7030603@cs.utk.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7a6398bf8aaeabc7a7bb696b6b0a2aad
Cc: Paul Hoffman <phoffman@imc.org>, Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
X-BeenThere: discuss@apps.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: general discussion of application-layer protocols <discuss.apps.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@apps.ietf.org>
List-Help: <mailto:discuss-request@apps.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=subscribe>
Errors-To: discuss-bounces@apps.ietf.org

Keith Moore wrote:
> no.  deprecate 2617.  deprecate the framework that is in 2616.  HTTP
> security needs a clean slate approach.

I personally have no problem with this. In the wild, most authentication 
isn't using RFC2617 anyway.

However, my understanding is that the IESG doesn't allow RFC2616bis not 
to discuss authentication in *some* manner.

BTW: does the framework really require fixing?

Best regards, Julian