On 2012-02-21 19:26, Stephen Farrell wrote:
Down below, for the proposed HTTP/2.0 work it says: > * Reflecting modern security requirements and practices In some earlier discussion I asked what "modern" means there. It seems to mean at least working well with TLS, but I'm not sure what else is meant, if anything. In particular, I think it'd be good to try get better (more usable, more secure etc.) HTTP authentication defined as a built-in part of HTTP/2.0. My initial take is that if we're not going to do this for a major revision of the protocol, then when are we going to do it? So I'd like to see that included. The counter argument offered was that better HTTP authentication is complex and probably hard to get right and so would be better handled separately.
I believe this should be orthogonal to HTTP/2.0. Is there a specific thing that makes it impossible to use the existing authentication framework?
...
Best regards, Julian _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf