On 02/25/2012 02:20 PM, Julian Reschke wrote:
On 2012-02-25 15:13, Stephen Farrell wrote:
On 02/25/2012 02:03 PM, Julian Reschke wrote:
If we just need a new authentication scheme, nothing stops people from
working on that right now.
I don't agree with you there - the perceived low probability that
something will be deployed is a real disincentive here. We have had
people wanting to do work on this and have been told there's no point
because it won't get adopted.
Just checking: so you think what's needed is a normative requirement to
implement the new scheme? Do you really believe that that's what holding
up improvements in this area?
The first thing is not something I said and I don't know quite what
it means so its also not something I believe. I therefore also do not
believe the 2nd thing.
> I don't see how that should affect HTTP/2.0.
Well, a number of people have noticed that current schemes
are getting long in the tooth and fixing stuff like that when
you do a major rev of a protocol is quite a reasonable thing
to do.
If there's something from with the framework, let's fix the framework.
That's already covered by the current charter, no?
I don't think fixing or changing the framework will give us better
auth schemes by itself. (Better auth schemes may or may not require
changes to the framework, I dunno.)
So I think you're raising a side issue here really.
S
If the "right" way to do security needs changes in the HTTP/1.1
authentication framework, then we should fix/augment/tune HTTP/1.1. It's
not going to go away anytime soon.
Sure, I agree with that and think the plan above allows for it.
My point being: this is something we already do in httpbis. What's
missing is concrete bug reports.
Best regards, Julian
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf