Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

Keith Moore <moore@cs.utk.edu> Thu, 07 June 2007 16:12 UTC

Message-ID: <46682E06.7030603@cs.utk.edu>
Date: Thu, 07 Jun 2007 12:10:46 -0400
From: Keith Moore <moore@cs.utk.edu>
To: Julian Reschke <julian.reschke@gmx.de>
Subject: Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis
References: <BA772834-227A-4C1B-9534-070C50DF05B3@mnot.net> <392C98BA-E7B8-44ED-964B-82FC48162924@mnot.net> <6AE049B9045C00064222693F@[10.1.110.5]> <p06240871c28dd59e7371@[10.20.30.108]> <46682BC9.9050504@gmx.de>
In-Reply-To: <46682BC9.9050504@gmx.de>
Cc: Paul Hoffman <phoffman@imc.org>, Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

no.  deprecate 2617.  deprecate the framework that is in 2616.  HTTP
security needs a clean slate approach.

> maybe things become clearer if we consider re-organizing the security
> stuff?
>
> Currently,
>
> - RFC2616 refers (normatively?) to RFC2617 for authentication, and
>
> - RFC2617 defines a framework (Section 1.2) and two schemes (Basic and
> Digest).
>
> Assuming that there's no immediate need to change the framework
> defined in RFC2617, Section 1.2, wouldn't it make sense to:
>
> - Move the authentication framework itself into RFC2616bis, and
>
> - to then publish stand-alone documents upgrading/fixing both Basic
> and Digest?
>
> The benefits being:
>
> - RFC2616bis doesn't have the dependency on its sister spec anymore,
> which suffers from Basic and Digest problems, and
>
> - Basic, Digest and new schemes could evolve independently.
>
> Best regards, Julian
>
>
>