Re: [saag] Reminder: Call for Proposals - HTTP/2.0 and HTTP Authentication

Nico Williams <nico@cryptonector.com> Tue, 15 May 2012 16:33 UTC

On Tue, May 15, 2012 at 11:16 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> I'm pretty sure that a pointer to draft-williams-rest-gss-00 (or any other expired draft in this area) is all the httpbis WG needs; they don't need an up-to-date draft.

Good point.  But working on the classification document is making me
think of possible enhancements to my proposal anyways :)

> Having said that, I bet that they would very much like to see a classification / analysis document to help them!

Right.  Assuming they get lots of proposals it will be necessary to
figure out how to analyze them.  Even if they get no proposals it'd be
useful to have such a document to guide any design team.

Personally I continue to believe that there will not be a single
authentication mechanism that satisfies all users' needs, so I will
continue to argue for pluggable frameworks.  However, I'm less
interested in this than I am in the analysis at this point.

As for the dearth of proposals...  I suspect part of it is not knowing
what HTTP 2.0 will look like, and part of it is weariness: web auth
has been resisting solutions for many years now.  Perhaps no one
really expects HTTPbis WG to be able to crack that nut?

Nico
--