Re: Reminder: Call for Proposals - HTTP/2.0 and HTTP Authentication

Nicolas Mailhot <nicolas.mailhot@laposte.net> Fri, 27 April 2012 09:18 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E534F21F87B7 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 27 Apr 2012 02:18:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.532
X-Spam-Level:
X-Spam-Status: No, score=-8.532 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, RCVD_NUMERIC_HELO=2.067]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OyrdLxCaJA0A for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 27 Apr 2012 02:18:11 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 5AEC921F877B for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 27 Apr 2012 02:18:11 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.69) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1SNhIB-0005Kh-Vy for ietf-http-wg-dist@listhub.w3.org; Fri, 27 Apr 2012 09:16:44 +0000
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.69) (envelope-from <gix-ietf-http-wg@m.gmane.org>) id 1SNhI3-0005Id-Dj for ietf-http-wg@listhub.w3.org; Fri, 27 Apr 2012 09:16:35 +0000
Received: from plane.gmane.org ([80.91.229.3]) by lisa.w3.org with esmtp (Exim 4.72) (envelope-from <gix-ietf-http-wg@m.gmane.org>) id 1SNhI0-0006QY-FK for ietf-http-wg@w3.org; Fri, 27 Apr 2012 09:16:33 +0000
Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from <gix-ietf-http-wg@m.gmane.org>) id 1SNhHc-0001C5-Se for ietf-http-wg@w3.org; Fri, 27 Apr 2012 11:16:08 +0200
Received: from 163.116.6.10 ([163.116.6.10]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <ietf-http-wg@w3.org>; Fri, 27 Apr 2012 11:16:08 +0200
Received: from nicolas.mailhot by 163.116.6.10 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <ietf-http-wg@w3.org>; Fri, 27 Apr 2012 11:16:08 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: ietf-http-wg@w3.org
From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Fri, 27 Apr 2012 09:16:00 +0000 (UTC)
Lines: 42
Message-ID: <loom.20120427T104110-359@post.gmane.org>
References: <14A09626-8397-4656-A042-FEFDDD017C9F@mnot.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: sea.gmane.org
User-Agent: Loom/3.14 (http://gmane.org/)
X-Loom-IP: 163.116.6.10 (Mozilla/5.0 (Windows NT 6.0; rv:12.0) Gecko/20100101 Firefox/12.0)
Received-SPF: pass client-ip=80.91.229.3; envelope-from=gix-ietf-http-wg@m.gmane.org; helo=plane.gmane.org
X-W3C-Hub-Spam-Status: No, score=-0.7
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_NUMERIC_HELO=1.164, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01
X-W3C-Scan-Sig: lisa.w3.org 1SNhI0-0006QY-FK f3f16c0cc7d4dea355bb8919e9b13875
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Reminder: Call for Proposals - HTTP/2.0 and HTTP Authentication
Archived-At: <http://www.w3.org/mid/loom.20120427T104110-359@post.gmane.org>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/13487
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Resent-Message-Id: <E1SNhIB-0005Kh-Vy@frink.w3.org>
Resent-Date: Fri, 27 Apr 2012 09:16:43 +0000

Hi,

Would it be possible to publish a list of specific questions and have each
proposal submitter answer how its proposal answers each of them? Just to make
sure no use-case falls through the cracks? Sure one can read each proposal and
guess the answers, but I think proposal submitters are the best to answer how
their proposal could be used. And this way one won't have to fish list archives
for answers to common questions.

I'd especially like an answer to the following:

1. Can the proposal permit secure http/2.0 communication without letting malware
punch random protocols through firewalls using the http/2.0 secure port?

2. How can intermediary network nodes request (re-)authentication on secure
networks when client credentials expire?

3. How can they communicate authentication location to the client (or is it
implied and how)? Does this mechanism work for dumb (not-browser) web clients?

4. How could other intermediary messaging be handled?

5. Is the proposed protocol feature-complete or does it require an http/1.1
downgrade to handle some existing http use-cases (esp. proxy ones)?

6. Is the http/2.0 namespace a superset of the http/1.1 namespace? Are error
codes specific to the protocol version used or should it be assumed they'd apply
the same if the protocol was up/down graded?

7. How will the proposal make writing tools that process HTTP headers and logs
simpler? Does it reduce HTTP reliance on conventions not commonly used in
mainstream application writing?

8. Does it add specific logging constrains that didn't exist in http/1.1?

9. How will the proposal improve network efficiency?


Best regards,

-- 
Nicolas Mailhot