Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

Keith Moore <moore@cs.utk.edu> Thu, 07 June 2007 22:12 UTC

Message-ID: <466882A9.5010303@cs.utk.edu>
Date: Thu, 07 Jun 2007 18:11:53 -0400
From: Keith Moore <moore@cs.utk.edu>
User-Agent: Thunderbird 2.0.0.0 (Macintosh/20070326)
MIME-Version: 1.0
To: Julian Reschke <julian.reschke@gmx.de>
Subject: Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis
References: <BA772834-227A-4C1B-9534-070C50DF05B3@mnot.net> <392C98BA-E7B8-44ED-964B-82FC48162924@mnot.net> <6AE049B9045C00064222693F@[10.1.110.5]> <p06240871c28dd59e7371@[10.20.30.108]> <46682BC9.9050504@gmx.de> <46682E06.7030603@cs.utk.edu> <46682FC5.5030204@gmx.de>
In-Reply-To: <46682FC5.5030204@gmx.de>
X-Enigmail-Version: 0.95.0
OpenPGP: id=E1473978
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Paul Hoffman <phoffman@imc.org>, Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

Julian Reschke wrote:
> Keith Moore wrote:
>> no.  deprecate 2617.  deprecate the framework that is in 2616.  HTTP
>> security needs a clean slate approach.
>
> I personally have no problem with this. In the wild, most
> authentication isn't using RFC2617 anyway.
>
> However, my understanding is that the IESG doesn't allow RFC2616bis
> not to discuss authentication in *some* manner.

I'm certain that there will have to be a good answer to the
authentication question before 2616bis will be allowed to get any kind
of standardization status.  (It could probably be in a separate document.)

> BTW: does the framework really require fixing?

I am pretty sure that it does.  I think sites will continue to insist on
being in control of the look and feel of the username/password dialog.
I also think that the phishing concerns have to be dealt with.  The two
of these together make for an interesting set of constraints.

Keith
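
The "framework" being argued over in this exchange is the challenge/response mechanism of RFC 2616 section 14.47 and RFC 2617: the origin server answers 401 with a WWW-Authenticate header, the user agent collects the credentials in its own dialog (the site only ever sends the header, which is where the look-and-feel complaint comes from) and retries with an Authorization header. The Python below is added here as an illustration and is not part of the original thread. It parses a challenge and builds the two RFC 2617 responses. The challenge strings are constructed for the example; the Digest parameters, username "Mufasa" and password "Circle Of Life" are the worked example from RFC 2617 section 3.5, and the Basic credentials are RFC 2617's "Aladdin" example, so the outputs can be checked against the RFC text.

```python
import base64
import hashlib
import re

# Constructed sample challenges in the shape RFC 2617 describes.
# The Digest nonce/opaque/realm values are those of RFC 2617 section 3.5.
BASIC_CHALLENGE = 'Basic realm="WallyWorld"'
DIGEST_CHALLENGE = (
    'Digest realm="testrealm@host.com", qop="auth,auth-int", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)

# auth-param is token "=" ( token | quoted-string ); quoted values may contain commas.
_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')


def parse_challenge(header):
    """Split a WWW-Authenticate value into (scheme, {param: value})."""
    scheme, _, rest = header.strip().partition(" ")
    params = {}
    for m in _PARAM_RE.finditer(rest):
        params[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    return scheme, params


def basic_authorization(username, password):
    """RFC 2617 section 2: base64 of "user:pass". Encoding, not encryption."""
    token = base64.b64encode(f"{username}:{password}".encode("latin-1")).decode("ascii")
    return f"Basic {token}"


def basic_credentials(authorization):
    """Recover the cleartext pair from a Basic Authorization value.

    Anyone who can read the header (or phish the UA dialog) gets the password.
    """
    scheme, _, token = authorization.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, pw = base64.b64decode(token).decode("latin-1").partition(":")
    return user, pw


def _h(s):
    return hashlib.md5(s.encode("latin-1")).hexdigest()


def digest_response(params, username, password, method, uri, cnonce, nc="00000001"):
    """RFC 2617 section 3.2.2.1, qop=auth, default algorithm MD5.

    request-digest = H( H(A1) ":" nonce ":" nc ":" cnonce ":" qop ":" H(A2) )
    A1 = user ":" realm ":" password ; A2 = method ":" uri
    """
    ha1 = _h(f"{username}:{params['realm']}:{password}")
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{ha1}:{params['nonce']}:{nc}:{cnonce}:auth:{ha2}")


def digest_authorization(params, username, password, method, uri, cnonce, nc="00000001"):
    """Assemble the Authorization header the UA would send back."""
    resp = digest_response(params, username, password, method, uri, cnonce, nc)
    fields = [
        f'username="{username}"',
        f'realm="{params["realm"]}"',
        f'nonce="{params["nonce"]}"',
        f'uri="{uri}"',
        "qop=auth",          # token, not quoted, as in the RFC example
        f"nc={nc}",          # 8LHEX, not quoted
        f'cnonce="{cnonce}"',
        f'response="{resp}"',
    ]
    if "opaque" in params:
        fields.append(f'opaque="{params["opaque"]}"')  # echoed back unchanged
    return "Digest " + ", ".join(fields)


if __name__ == "__main__":
    print(parse_challenge(BASIC_CHALLENGE))
    print(basic_authorization("Aladdin", "open sesame"))
    _, p = parse_challenge(DIGEST_CHALLENGE)
    print(digest_authorization(p, "Mufasa", "Circle Of Life", "GET", "/dir/index.html", "0a4f113b"))
```

Note what is missing from both schemes: nothing in the challenge lets the server influence how the credentials are asked for, and nothing lets the user verify who is asking beyond the UA's own rendering of the realm string, which is why the look-and-feel and phishing points in the message above are properties of the framework rather than of one scheme.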