ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: with merit?

2006-10-23 19:18:44
from [Hallam-Baker, Phillip] [Permanent Link] 
I am somewhat confused here.

The reason that the community is able to tollerate the authentication mechanism 
in HTTP is that the authentication process has effectively been moved to a 
different part of the stack by insisting on the use of SSL transport. 

SSL/TLS is not an ideal solution for every application but it is certainly 
sufficient for the purposes of meeting IETF security requirements. 

We have no security in IP either, IPSEC is a layer on IP.

The current momentum in the HTTP area is behind the use of WS-Security and the 
WS-* stack in cases where extended validation is required at the application 
level. That is the whole point of using the SOAP stack for Web Services.


-----Original Message-----
From: Sam Hartman [mailto:hartmans-ietf(_at_)mit(_dot_)edu] 
Sent: Thursday, October 19, 2006 1:05 PM
To: Robert Sayre
Cc: IETF discussion list
Subject: Re: with merit?


"Robert" == Robert Sayre <rsayre(_at_)mozilla(_dot_)com> writes:


    Robert> OK. I want to write a document that makes MTI a
    Robert> non-requirement for HTTP1.1-based protocols, because I
    Robert> believe that is the consensus in the HTTP community. How
    Robert> do I get that done?

You start by writing a draft.
It would need to be  targeted at a BCP.

You ask people to discuss your draft.  Get consensus in the 
HTTP community.

Then, try and get broader discussion.  Eventually, if you get 
enough support, ask an apps or security AD to sponsor the 
document.  There are some tricky issues surrounding internal 
IESG process because currently, it takes at least one person 
who believes a document is a good idea to bring it before the 
IESG.  However if you get sufficient IETF consensus that it 
is clear the document needs to be considered we'll find a way 
to do that.

Now, I do think you will be fighting an up-hill battle.  I 
strongly disagree with what you are trying to do.  A lot of 
other people do to; we will all try and build a consensus against you.

However, I at least, and I think everyone on the IESG will 
strongly support your ability to try and build a consensus 
and to make sure that your ideas and drafts are given fair 
consideration.


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf




_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • RE: with merit?, Hallam-Baker, Phillip <=
Previous by Date:  Re: Last Call: 'Progressive Posting Rights Supsensions' to BCP (draft-carpenter-rescind-3683), Jeffrey Hutzelman
Next by Date:  RE: DNS pollution, Hallam-Baker, Phillip
Previous by Thread:  Re: Response to appeal by Robert Sayre dated 2006-08-29, Robert Sayre
Next by Thread:  Qualified participant: Was RE: draft-kolkman-appeal-support, Hallam-Baker, Phillip
Indexes:  [Date] [Thread] [Top] [All Lists]