>>>>> On Tue, 21 Feb 2012 23:01:09 +0000, Stephen Farrell <stephen.farrell@xxxxxxxxx> said: >> The approach we're advocating for this WG is to solicit well-formed >> proposals, select one and develop it. >> >> If there isn't one for HTTP authentication, how are you advocating we proceed? SF> Right now, I'm interested in what others reviewing the SF> draft charter think about this topic. That's the point SF> of having this discussion in the open like this. IMHO, if you want security to be well integrated into the next version of the protocol, then it should be thought about up front. The IETF doesn't have a great track record of adding security later to protocols in a way that is seamless and integrated. And if you don't put thinking about security in the "solicitation request" charter version, then you may well end up in the state that Mark is worried about: none of the answers have security considered. I think the charter should definitely have a requirement indicating that proposals must explain how security techniques would fit into it in the future, even if they don't fully define the solution/extension itself. -- Wes Hardaker SPARTA, Inc. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf