RE: with merit?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am somewhat confused here.

The reason that the community is able to tollerate the authentication mechanism in HTTP is that the authentication process has effectively been moved to a different part of the stack by insisting on the use of SSL transport. 

SSL/TLS is not an ideal solution for every application but it is certainly sufficient for the purposes of meeting IETF security requirements. 

We have no security in IP either, IPSEC is a layer on IP.

The current momentum in the HTTP area is behind the use of WS-Security and the WS-* stack in cases where extended validation is required at the application level. That is the whole point of using the SOAP stack for Web Services.

> -----Original Message-----
> From: Sam Hartman [mailto:hartmans-ietf@xxxxxxx] 
> Sent: Thursday, October 19, 2006 1:05 PM
> To: Robert Sayre
> Cc: IETF discussion list
> Subject: Re: with merit?
> 
> >>>>> "Robert" == Robert Sayre <rsayre@xxxxxxxxxxx> writes:
> 
>     Robert> OK. I want to write a document that makes MTI a
>     Robert> non-requirement for HTTP1.1-based protocols, because I
>     Robert> believe that is the consensus in the HTTP community. How
>     Robert> do I get that done?
> 
> You start by writing a draft.
> It would need to be  targeted at a BCP.
> 
> You ask people to discuss your draft.  Get consensus in the 
> HTTP community.
> 
> Then, try and get broader discussion.  Eventually, if you get 
> enough support, ask an apps or security AD to sponsor the 
> document.  There are some tricky issues surrounding internal 
> IESG process because currently, it takes at least one person 
> who believes a document is a good idea to bring it before the 
> IESG.  However if you get sufficient IETF consensus that it 
> is clear the document needs to be considered we'll find a way 
> to do that.
> 
> Now, I do think you will be fighting an up-hill battle.  I 
> strongly disagree with what you are trying to do.  A lot of 
> other people do to; we will all try and build a consensus against you.
> 
> However, I at least, and I think everyone on the IESG will 
> strongly support your ability to try and build a consensus 
> and to make sure that your ideas and drafts are given fair 
> consideration.
> 
> 
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www1.ietf.org/mailman/listinfo/ietf
> 
> 

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]