[in-line] On Tue, Feb 21, 2012 at 2:40 PM, Mark Nottingham <mnot@xxxxxxxx> wrote: >> And then should it include adding some new options >> or MTI auth schemes as part of HTTP/2.0 or even looking >> at that? (I think it ought to include trying for that >> personally, even if there is a higher-than-usual risk >> of failure.) > > > Based on past experience, I think the risk is very high, and we don't need to pile any more risk onto this particular project. +1 HTTP's ability to be equipped with security technology has been adequate, and I haven't heard much argument that its semantics were the big obstacle to newer/better security. Preserving its semantics means its successor should be equally adequate. Mnot is *understating* the risk of loading up the charter with this stuff. -T _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf