On 2012-02-25 14:46, Stephen Farrell wrote:
... Yeah that's a tricky one. While one might like to see "one or more" in both places that might not be practical. In the proposal above the goal is that httpbis pick one or more but recognising the reality that we might not get a new proposal that httpbis will accept and that folks will really implement and deploy. So: Goal = one or more Reluctant recognition of reality = zero or more With this plan if httpbis in fact select zero new proposals that would represent a failure for all concerned. The "zero or more" term is absolutely not intended to provide a way to just punt on the question. Such a failure at the point where httpbis was re-chartering to work on a HTTP/2.0 selection with no better security than we now have is probably better evaluated as a whole - I guess the question for the IETF/IESG at that point would be whether the Internet would be better with or without such a beast, or better waiting a while until the security thing did get fixed. I can imagine an argument might ensue about that;-) ...
If we just need a new authentication scheme, nothing stops people from working on that right now. I don't see how that should affect HTTP/2.0.
If the "right" way to do security needs changes in the HTTP/1.1 authentication framework, then we should fix/augment/tune HTTP/1.1. It's not going to go away anytime soon.
Best regards, Julian _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf