Re: Straw-man charter for http-bis

Lisa Dusseault <lisa@osafoundation.org> Thu, 07 June 2007 23:16 UTC

From: Lisa Dusseault <lisa@osafoundation.org>
Subject: Re: Straw-man charter for http-bis
Date: Thu, 7 Jun 2007 16:16:20 -0700
To: Paul Leach <paulle@windows.microsoft.com>
Cc: Paul Hoffman <phoffman@imc.org>, Apps Discuss <discuss@apps.ietf.org>, Keith Moore <moore@cs.utk.edu>, Justin Erenkrantz <justin@erenkrantz.com>, ietf-http-wg@w3.org

On Jun 7, 2007, at 11:03 AM, Paul Leach wrote:

>
> For a long time, the IESG has required that all new protocols have a
> "security considerations" section. I have not heard that that has
> changed to a more stringent mandate.

There's a little more, mostly in RFC3552, e.g. "Unprotected (plaintext)
username/password systems are not acceptable in IETF standards."

> For many protocols, including HTTP,
> that section would have to show that they are securable. However, in
> addition, IMO it is obvious that for HTTP, that section also says that
> anonymous clients and unauthenticated servers are OK in many
> circumstances, and here are the mechanisms that can be used when it
> isn't OK.

+1


Lisa