HTTP2 Expression of Interest
Paul Hoffman <paul.hoffman@gmail.com> Fri, 13 July 2012 02:24 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4261011E8085 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 12 Jul 2012 19:24:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9jYFTXDQDT2i for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 12 Jul 2012 19:24:20 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id A781D11E8072 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 12 Jul 2012 19:24:20 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1SpVWy-000872-SS for ietf-http-wg-dist@listhub.w3.org; Fri, 13 Jul 2012 02:22:56 +0000
Resent-Date: Fri, 13 Jul 2012 02:22:56 +0000
Resent-Message-Id: <E1SpVWy-000872-SS@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <paul.hoffman@gmail.com>) id 1SpVWr-00086H-LD for ietf-http-wg@listhub.w3.org; Fri, 13 Jul 2012 02:22:49 +0000
Received: from mail-vc0-f171.google.com ([209.85.220.171]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <paul.hoffman@gmail.com>) id 1SpVWq-0003Ur-ND for ietf-http-wg@w3.org; Fri, 13 Jul 2012 02:22:49 +0000
Received: by vcbgb30 with SMTP id gb30so2210367vcb.2 for <ietf-http-wg@w3.org>; Thu, 12 Jul 2012 19:22:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=XyPKGVUgafPKslu9ev0zp/M4ntKHHS4CvQ+AKmhvXaU=; b=StVDKFL6i8WkmxfDdz+klJoNBkWnzXK6Yg1iULab6YmyltbvPcK/ZtOq79+ewQoGxH 7v1IepQzMXRO4D3FYFVM9Ot+HG2Vq/w1ch8rQXbZAioCqgfWvTAc0UcCApMjYCc+t0gH Tdi7H9rWLgCyse3bnKku9dHTRaflm4xT7vm4EdAcCaeCTcIkllOl5SvGAdAzReE39Fn4 1gK0dmlSeJoM5sBenLprF9BDYtKcuW5c2hczc0bB5EGLRD4CxbQHsAYzq+EUm3riJp3+ U1FqWHnJ+QH+AdFVVDRA909r67vw2XTRjhgmhDjgyWuefUA9ydt5q+2CbzN0qW3F8v4o 09CA==
MIME-Version: 1.0
Received: by 10.221.11.197 with SMTP id pf5mr285597vcb.29.1342146142850; Thu, 12 Jul 2012 19:22:22 -0700 (PDT)
Received: by 10.58.244.196 with HTTP; Thu, 12 Jul 2012 19:22:22 -0700 (PDT)
Date: Thu, 12 Jul 2012 19:22:22 -0700
Message-ID: <CAPik8ybB-pzn8M3JVJJtpZK-DHEW8amsw_kjbLNQSNQ4dkjeLQ@mail.gmail.com>
From: Paul Hoffman <paul.hoffman@gmail.com>
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=209.85.220.171; envelope-from=paul.hoffman@gmail.com; helo=mail-vc0-f171.google.com
X-W3C-Hub-Spam-Status: No, score=-2.7
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1SpVWq-0003Ur-ND 0592784dcf4ded5a0340627b81d54d79
X-Original-To: ietf-http-wg@w3.org
Subject: HTTP2 Expression of Interest
Archived-At: <http://www.w3.org/mid/CAPik8ybB-pzn8M3JVJJtpZK-DHEW8amsw_kjbLNQSNQ4dkjeLQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/14125
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Greetings again. I am not an implementer or a deployer. I am making this statement of interest as Just Some Person. Please take these comments in that light relative to those from implementers and deployers. Given what we know about users inability to choose good passwords and their lack of ability to use good passwords that are chosen for them, it is incredibly important that a non-password authentication mechanism be described for HTTP 2. Thus, I support HOBA or something HOBA-like. The HOBA proposal as it stands has a lot of significant issues, but the idea of portable origin-bound certificates for HTTP clients is the correct way to do non-password authentication for HTTP. draft-williams-rest-gss relies on GSSAPI, which has thin adoption even after many years. draft-montenegro-httpbis-multilegged-auth is an interesting way to get non-password authentication (and NTLM!) into HTTP, but I suspect that not having a mandatory authentication mechanism that is widely supported will mean that this document will go unimplemented. At least one password-based authentication mechanism should also be standardized for HTTP 2. Of these, draft-oiwa-httpbis-mutualauth and draft-oiwa-httpbis-auth-extension seem to solve more of the problems with passwords than draft-melnikov-httpbis-scram-auth. I am willing to contribute to and review proposals for non-password authentication. I am willing to provide a bit of late review to a password-based proposal. --Paul Hoffman
- HTTP2 Expression of Interest Rob Trace
- HTTP2 Expression of Interest Paul Hoffman
- Re: HTTP2 Expression of Interest Nico Williams
- Re: HTTP2 Expression of Interest Phillip Hallam-Baker
- Re: HTTP2 Expression of Interest Nico Williams
- Re: HTTP2 Expression of Interest Phillip Hallam-Baker
- Re: HTTP2 Expression of Interest Nico Williams
- RE: HTTP2 Expression of Interest Paul Leach
- Re: HTTP2 Expression of Interest Phillip Hallam-Baker
- HTTP2 Expression of Interest Jonathan Silvera
- HTTP2 Expression of Interest Doug Beaver
- Re: HTTP2 Expression of Interest Willy Tarreau
- Re: HTTP2 Expression of Interest James M Snell
- Re: HTTP2 Expression of Interest Phillip Hallam-Baker
- Re: HTTP2 Expression of Interest Poul-Henning Kamp
- Re: HTTP2 Expression of Interest Phillip Hallam-Baker
- Re: HTTP2 Expression of Interest Poul-Henning Kamp
- HTTP2 Expression of Interest Sam Johnston
- HTTP2 Expression of Interest James Tucker
- Re: Re[2]: HTTP2 Expression of Interest Rajeev Bector
- RE: HTTP2 Expression of Interest Doug Beaver
- Re: HTTP2 Expression of Interest Tim Bray
- Re: HTTP2 Expression of Interest Grahame Grieve
- Re: HTTP2 Expression of Interest James M Snell
- Re: HTTP2 Expression of Interest Mike Belshe
- Re[2]: HTTP2 Expression of Interest Adrien W. de Croy
- Re: HTTP2 Expression of Interest Martin J. Dürst
- Re: HTTP2 Expression of Interest Martin Thomson
- Re[2]: HTTP2 Expression of Interest Adrien W. de Croy
- Re[4]: HTTP2 Expression of Interest Adrien W. de Croy
- Re: Re[4]: HTTP2 Expression of Interest Mike Belshe
- Re: HTTP2 Expression of Interest Mike Belshe
- Re[6]: HTTP2 Expression of Interest Adrien W. de Croy
- Re: Re[6]: HTTP2 Expression of Interest Mike Belshe
- Re: HTTP2 Expression of Interest Phillip Hallam-Baker
- Re: HTTP2 Expression of Interest Mike Belshe
- Re: Re[6]: HTTP2 Expression of Interest Phillip Hallam-Baker
- Re: HTTP2 Expression of Interest Phillip Hallam-Baker
- Re: Re[6]: HTTP2 Expression of Interest Mike Belshe
- Re: HTTP2 Expression of Interest Mike Belshe
- Re: Re[6]: HTTP2 Expression of Interest Phillip Hallam-Baker
- Re: HTTP2 Expression of Interest Phillip Hallam-Baker
- Re: Re[6]: HTTP2 Expression of Interest Mike Belshe
- Re: Re[4]: HTTP2 Expression of Interest Roberto Peon
- Re: Re[6]: HTTP2 Expression of Interest Willy Tarreau
- Re: Re[6]: HTTP2 Expression of Interest Mike Belshe
- Re: Re[6]: HTTP2 Expression of Interest Willy Tarreau
- Re: Re[6]: HTTP2 Expression of Interest Mike Belshe
- Re: HTTP2 Expression of Interest Julian Reschke
- Re[8]: HTTP2 Expression of Interest Adrien de Croy
- Re: Re[6]: HTTP2 Expression of Interest Willy Tarreau
- RE: HTTP2 Expression of Interest Henrik Frystyk Nielsen
- Re: HTTP2 Expression of Interest Mike Belshe
- Re[2]: HTTP2 Expression of Interest Adrien de Croy
- Re[2]: HTTP2 Expression of Interest Adrien de Croy
- Re: HTTP2 Expression of Interest Poul-Henning Kamp
- Re: Re[6]: HTTP2 Expression of Interest Phillip Hallam-Baker
- Re: Re[6]: HTTP2 Expression of Interest Nicolas Mailhot
- Re: HTTP2 Expression of Interest Yoav Nir
- Re: HTTP2 Expression of Interest Nicolas Mailhot
- Re: HTTP2 Expression of Interest Poul-Henning Kamp
- Re: HTTP2 Expression of Interest Werner Baumann
- Re: HTTP2 Expression of Interest Amos Jeffries