Re: Straw-man charter for http-bis

Julian Reschke <julian.reschke@gmx.de> Wed, 30 May 2007 15:44 UTC

Message-ID: <465D9BF4.40707@gmx.de>
Date: Wed, 30 May 2007 17:44:52 +0200
From: Julian Reschke <julian.reschke@gmx.de>
To: Paul Hoffman <phoffman@imc.org>
Subject: Re: Straw-man charter for http-bis
References: <BA772834-227A-4C1B-9534-070C50DF05B3@mnot.net> <392C98BA-E7B8-44ED-964B-82FC48162924@mnot.net> <p06240843c2833f4d7f2f@[10.20.30.108]> <465D9142.9050506@gmx.de> <p06240846c2834902c575@[10.20.30.108]>
In-Reply-To: <p06240846c2834902c575@[10.20.30.108]>
Cc: Apps Discuss <discuss@apps.ietf.org>, Mark Nottingham <mnot@mnot.net>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

Paul Hoffman wrote:
> The proposed charter has:
>   * Document the security properties of HTTP and its associated
>     mechanisms (e.g., Basic and Digest authentication, cookies, TLS)
>     for common applications
> So, would obviously-needed changes to the associated mechanisms be in 
> scope for the WG, or not?

I would have hoped that we can concentrate on revising RFC2616, and do 
just that. However, we got signals from IESG members that a revision of 
RFC2616 would not be accepted unless it improves the security story. 
IMHO a very bad idea.

Fixing it is needed, but that needs to be done somewhere else.

>> Are there any specific extensions you have in mind?
> 
> Definitely not. I was asking whether or not we want to clamp down on 
> charter creep now or later.

:-) I'd prefer the charter to be as small & precise as possible.

Best regards, Julian