I am somewhat confused here.
The reason that the community is able to tollerate the authentication mechanism
in HTTP is that the authentication process has effectively been moved to a
different part of the stack by insisting on the use of SSL transport.
SSL/TLS is not an ideal solution for every application but it is certainly
sufficient for the purposes of meeting IETF security requirements.
We have no security in IP either, IPSEC is a layer on IP.
The current momentum in the HTTP area is behind the use of WS-Security and the
WS-* stack in cases where extended validation is required at the application
level. That is the whole point of using the SOAP stack for Web Services.
-----Original Message-----
From: Sam Hartman [mailto:hartmans-ietf(_at_)mit(_dot_)edu]
Sent: Thursday, October 19, 2006 1:05 PM
To: Robert Sayre
Cc: IETF discussion list
Subject: Re: with merit?
"Robert" == Robert Sayre <rsayre(_at_)mozilla(_dot_)com> writes:
Robert> OK. I want to write a document that makes MTI a
Robert> non-requirement for HTTP1.1-based protocols, because I
Robert> believe that is the consensus in the HTTP community. How
Robert> do I get that done?
You start by writing a draft.
It would need to be targeted at a BCP.
You ask people to discuss your draft. Get consensus in the
HTTP community.
Then, try and get broader discussion. Eventually, if you get
enough support, ask an apps or security AD to sponsor the
document. There are some tricky issues surrounding internal
IESG process because currently, it takes at least one person
who believes a document is a good idea to bring it before the
IESG. However if you get sufficient IETF consensus that it
is clear the document needs to be considered we'll find a way
to do that.
Now, I do think you will be fighting an up-hill battle. I
strongly disagree with what you are trying to do. A lot of
other people do to; we will all try and build a consensus against you.
However, I at least, and I think everyone on the IESG will
strongly support your ability to try and build a consensus
and to make sure that your ideas and drafts are given fair
consideration.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf