Re: Straw-man charter for http-bis

[Julian Reschke <julian.reschke@gmx.de>]

Paul Hoffman wrote:
> ...
>> Beyond that I consider it inappropriate to hold publication of a 
>> useful revision hostage to new security engineering work.  That 
>> opinion may not be shared by others on the IESG.
> 
> Knowing ahead of time whether or not the work of this proposed WG is 
> likely to get smacked down at the end by the IESG would greatly affect 
> the people working on HTTPbis.

Definitively.

It seems to me that the requirements to apply errata and clarifications 
to an existing specification (with wide deployment) should be completely 
different from those for new protocols. If they aren't, existing specs 
just won't get revised, because it's either too much work, irrelevant 
(considering running code), or impossible (backwards compatibility).

>> Regardless, I would very much like to see forward progress on the HTTP 
>> security situation.
> 
> draft-hartman-webauth-phishing generated no significant follow-on 
> discussion that I can see (I would be happy to be mistaken). There are 
> little bits of discussion here and there, but no momentum. Without a 
> strong push from the Apps area for this work, I suspect that it will not 
> happen or, if it does happen in a limited fashion, the results will not 
> be widely adopted in implementations.

I believe that improvements in HTTP authentication require collaboration 
between implementors, namely UAs (Firefox, IE) and servers (httpd, IIS). 
We need to make that happen somehow.

> ...
>> 4. Specification Rewrite
>>
>> Because the IETF process gives quite a bit of control to the document 
>> editor and design teams, our process allows an alternate editor to 
>> produce a competing specification and ask for a WG consensus call to 
>> adopt that competing specification.  This is discussed in the 
>> following IESG Note:
>>   <http://www.ietf.org/IESG/STATEMENTS/Design-Teams.txt>
>>>> From discussions here, I suspect it's unlikely an alternate 
>>> specification would
>> be adopted by the WG in this case, especially because it might drop 
>> the target status from draft to proposed for the reasons Keith 
>> mentioned.  However, this is an important mechanism the keep the 
>> process open.
> 
> The status of the new document is *much* less important than its 
> correctness and usability to HTTP implementers.

Correct. Almost nobody cares. Most people don't even understand the 
difference between Informational, Experimental, and Standards Track 
(sometimes I don't as well...).

Best regards, Julian