The earnest calls for better authentication on this thread appear to ignore the fact that the very things that are being requested were put out of scope for the websec WG in their charter. I hope that no one things that a WG in the Applications Area will be better equipped to come up with a better authentication mechanism than one in the Security Area. Asking the HTTPheads to guess what the securityheads might want is not a good way to design HTTP 2.0. Proposal: leave the httpbis WG charter as-is and re-charter the websec WG to consider what is needed in the HTTP authentication model. Later, recharter the websec WG to, you know, actually do the security work for authentication. --Paul Hoffman _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf