On 24/02/2012, at 12:24 PM, Roy T. Fielding wrote:
On Feb 23, 2012, at 5:18 PM, Tim Bray wrote:
On Thu, Feb 23, 2012 at 5:13 PM, Roy T. Fielding
How many times do we have to do this before we declare insanity?
I don't care how much risk it adds to the HTTP charter. They are
all just meaningless deadlines anyway. If we want HTTP to have
something other than Basic (1993) and Digest (1995) authentication,
then it had better be part of *this* charter so that the proposals
can address them.
Well, Digest already isn't used by anyone :)
A popular misconception because it works unseen. See tools.ietf.org
Seriously, someone needs to propose some charter language or this
discussion is a no-op. -Tim
"Proposals for new HTTP authentication schemes are in scope."
No one has said they're out of scope; this discussion has been about whether --
at this point in time, before we have proposals -- we require the outcome to
jump through some particular hoop regarding security.
Mark Nottingham http://www.mnot.net/
Ietf mailing list