Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

Chris Newman <Chris.Newman@Sun.COM> Fri, 08 June 2007 19:00 UTC

Date: Fri, 08 Jun 2007 12:00:26 -0700
From: Chris Newman <Chris.Newman@Sun.COM>
Subject: Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis
In-reply-to: <46682BC9.9050504@gmx.de>
To: Julian Reschke <julian.reschke@gmx.de>, Paul Hoffman <phoffman@imc.org>
Message-id: <8A1C369985037B2AED5F566D@[10.1.110.5]>
Cc: Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

Julian Reschke wrote on 6/7/07 18:01 +0200:
> maybe things become clearer if we consider re-organizing the security stuff?
>
> Currently,
>
> - RFC2616 refers (normatively?) to RFC2617 for authentication, and
>
> - RFC2617 defines a framework (Section 1.2) and two schemes (Basic and
> Digest).
>
> Assuming that there's no immediate need to change the framework defined in
> RFC2617, Section 1.2, wouldn't it make sense to:
>
> - Move the authentication framework itself into RFC2616bis, and
>
> - to then publish stand-alone documents upgrading/fixing both Basic and
> Digest?
>
> The benefits being:
>
> - RFC2616bis doesn't have the dependency on its sister spec anymore, which
> suffers from Basic and Digest problems, and
>
> - Basic, Digest and new schemes could evolve independently.

Sounds like an idea worth considering to me.  In past cases where Apps has 
bundled authentication mechanisms with general frameworks (e.g. RFC 1731, 
2595), the mechanisms have invariably been split away from the framework for 
one reason or another.

                - Chris