At 1:05 PM -0400 8/21/07, Sam Hartman wrote:
I don't think it would be appropriate to publish this document as a
BCP that future HTTP authentication work needs to be held to.
That's good to hear. But...
hope that we have consensus these are good requirements,
We absolutely do not have any such consensus. There was barely any
discussion during IETF Last Call. There was not a mailing list for
discussing the draft. Speaking for myself, I didn't comment because I
thought it was meant to be an Informational RFC saying what Sam
Thinks About These Requirements. The IETF Last Call announcement said
*nothing* suggesting that this was a consensus call. There was also
no call for consensus on either the Applications Area or Security
Area mailing lists.
It is inappropriate to change the intended use of this document after
IETF Last Call. Even if you use the term "consensus" loosely, it is
also inappropriate to change the status of this document ("consensus
is unknown" vs. "it has consensus") after the discussion,
particularly given how little discussion there was.
--Paul Hoffman, Director
Ietf mailing list