security features.... (Re: Facts, please)
2006-09-19 00:20:27
Robert Sayre wrote:
> On 9/19/06, Russ Allbery <rra(_at_)stanford(_dot_)edu> wrote:
>> Robert Sayre <sayrer(_at_)gmail(_dot_)com> writes:
>>> Thankfully, the complete failure known as HTTP 1.1 would never make it
>>> to Proposed Standard under the unwritten process we have now. For
>>> example, it doesn't contain a mandatory, universally interoperable
>>> authentication feature.
>> That's right, it doesn't, and the lack of that feature is a first-rate
>> pain in the ass.
> I don't disagree. The IETF might first try to design an authentication
> feature worth requiring. None of the current options are at all
> satisfactory.

In fact TLS + HTTP Basic Auth is pretty interoperable, secure against
quite a few attacks, and widely deployed.

The requirements needed to be "satisfactory" depend very much on your
viewpoint; last week I talked to the guy who implemented Freenigma (PGP
for web mailers, http://www.freenigma.com), and he commented that "this
will never get past the security gurus in the IETF because it's so
simple, people might actually use it".

That says something frightening about the kind of impression we give to
people who work on making usable security. "Usable" needs to be an
important component of "satisfactory".

(He's quite aware of the obvious security defects of his scheme, btw.
It's a tradeoff.)

Harald
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf