Hiya,
On 02/25/2012 02:05 AM, Mark Nottingham wrote:
Hi Stephen,
On 24/02/2012, at 11:54 PM, Stephen Farrell wrote:
On 02/24/2012 01:24 AM, Roy T. Fielding wrote:
On Feb 23, 2012, at 5:18 PM, Tim Bray wrote:
On Thu, Feb 23, 2012 at 5:13 PM, Roy T. Fielding<fielding@xxxxxxxx> wrote:
How many times do we have to do this before we declare insanity?
I don't care how much risk it adds to the HTTP charter. They are
all just meaningless deadlines anyway. If we want HTTP to have
something other than Basic (1993) and Digest (1995) authentication,
then it had better be part of *this* charter so that the proposals
can address them.
Well, Digest already isn't used by anyone :)
A popular misconception because it works unseen. See tools.ietf.org
Seriously, someone needs to propose some charter language or this
discussion is a no-op. -Tim
"Proposals for new HTTP authentication schemes are in scope."
How would a plan like the following look to folks:
- httpbis is chartered to include auth mechanism work as
per the above (or whatever text goes into the charter)
- that'll generate a slew of proposals, some good, some
bad, some better-than-current and some too complex
- plan is for httpbis to pick something (one or more if
they want, but one better-than-current one is the goal)
- give all the above a short timeframe (this year, pick
which to work on at the same time as re-chartering for
the details of HTTP/2.0 maybe)
- httpbis pick what they want, (zero or more) and go
do their stuff
Is the goal for HTTPbis "one or more" or "zero or more"? I see both above.
Again - I'm absolutely fine with soliciting proposals, but requiring output is a different thing.
Yeah that's a tricky one. While one might like to
see "one or more" in both places that might not be
practical.
In the proposal above the goal is that httpbis pick one
or more but recognising the reality that we might not get
a new proposal that httpbis will accept and that folks
will really implement and deploy.
So:
Goal = one or more
Reluctant recognition of reality = zero or more
With this plan if httpbis in fact select zero new proposals
that would represent a failure for all concerned. The "zero
or more" term is absolutely not intended to provide a way to
just punt on the question.
Such a failure at the point where httpbis was re-chartering
to work on a HTTP/2.0 selection with no better security than
we now have is probably better evaluated as a whole - I
guess the question for the IETF/IESG at that point would
be whether the Internet would be better with or without
such a beast, or better waiting a while until the security
thing did get fixed.
I can imagine an argument might ensue about that;-)
S
Thanks,
--
Mark Nottingham http://www.mnot.net/
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf