At 1:05 PM -0400 8/21/07, Sam Hartman wrote:
I don't think it would be appropriate to publish this document as a BCP that future HTTP authentication work needs to be held to.
That's good to hear. But...
I do hope that we have consensus these are good requirements,
We absolutely do not have any such consensus. There was barely any discussion during IETF Last Call. There was not a mailing list for discussing the draft. Speaking for myself, I didn't comment because I thought it was meant to be an Informational RFC saying what Sam Thinks About These Requirements. The IETF Last Call announcement said *nothing* suggesting that this was a consensus call. There was also no call for consensus on either the Applications Area or Security Area mailing lists.
It is inappropriate to change the intended use of this document after IETF Last Call. Even if you use the term "consensus" loosely, it is also inappropriate to change the status of this document ("consensus is unknown" vs. "it has consensus") after the discussion, particularly given how little discussion there was.
--Paul Hoffman, Director --VPN Consortium _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf