On Feb 22, 2012, at 10:35 AM, Stephen Farrell wrote: > Regardless of that you do have a fair point that asking > apps folks to do stuff that'll please security folks might > be asking for trouble:-) > > However, the counter to that is that security folks doing > stuff without enough apps input might produce something that > won't get adopted which also doesn't produce the right end > result. > > Anyway, I think this topic, if tackled, won't lack > interested participants and will get plenty of security > and apps input no matter how we organise it. Peter St.Andre's suggestion of a separate WG to deal specifically with HTTP authentication seems like the best way to be sure both sets of parties are fully involved. If the IESG charters it within the next few months, the HTTP 2.0 work can be informed by any changes (if any) that are needed. --Paul Hoffman _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf