ietf
[Top] [All Lists]

Re: Updating the rules?

2007-07-14 08:29:32
Julian:

I provided review and comment for the text that was sent forward to IESG Evaluation. It sounds like your issues are in the process before I saw the text.

As I said in my first posting, I'll let others provide rationale for their own actions.

Russ

At 03:47 PM 7/13/2007, Julian Reschke wrote:
Russ Housley wrote:
That is not the way the document arrived to the IESG.  It said:
   The type of authentication deployed is a local decision made by the
   server operator.  Clients are likely to face authentication schemes
   that vary across server deployments.  At a minimum, client and server
   implementations MUST be capable of being configured to use HTTP Basic
   Authentication [RFC2617] in conjunction with a TLS [RFC2246]
   connection as defined in [RFC2818] (but note that [RFC2246] has been
   superseded by [RFC4346]).  See [RFC4346] for more information on TLS.
The normative reference cites TLS 1.0, making it the only version that is permitted.
Russ

Yes, and that problem was known when it was submitted (together with confusing statement about RFC4346 which follows in the next sentence).

Originally the WG didn't want to put it any MTI requirement at all. As far as I can recall, we ended up with the text that was submitted because we were told that "this is what you need to do to get IESG approval".

The changes made in the latest draft clearly are an improvement over the text that was submitted, and hopefully the spec can now proceed.

Best regards and sorry for the confusion,

Julian



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>