Director, Transport Area
Internet Engineering Task Force (IETF)
On 2/22/12 12:31 PM, "Paul Hoffman" <paul(_dot_)hoffman(_at_)vpnc(_dot_)org>
The earnest calls for better authentication on this thread appear to
ignore the fact that the very things that are being requested were put
out of scope for the websec WG in their charter. I hope that no one
things that a WG in the Applications Area will be better equipped to come
up with a better authentication mechanism than one in the Security Area.
Asking the HTTPheads to guess what the securityheads might want is not a
good way to design HTTP 2.0.
Proposal: leave the httpbis WG charter as-is and re-charter the websec WG
to consider what is needed in the HTTP authentication model. Later,
recharter the websec WG to, you know, actually do the security work for
Ietf mailing list