ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Request for review and consensus -- draft-hartman-webauth-phishing

2008-09-08 05:02:48
from [Simon Josefsson] [Permanent Link] 
The document says that the intended status is 'Informational'.
Statements such as "IETF recommends", and normative words such as 'MUST'
as used as per RFC 2119, appears inconsistent with the intended use of
the 'Informational' status (RFC 2026 4.2.2):

   An "Informational" specification is published for the general
   information of the Internet community, and does not represent an
   Internet community consensus or recommendation.

Thus, I suggest that either

1) The intended status of the document is changed to
   Best-Current-Practice.

2) The normative words, references to RFC 2119, and statements regarding
   'IETF recommends' are removed.

I would prefer 1).

Thanks,
Simon

Lisa Dusseault <lisa(_at_)osafoundation(_dot_)org> writes:


You may have seen this draft a year ago; Sam is back working on it and
produced version -09 last month.

http://tools.ietf.org/html/draft-hartman-webauth-phishing-09

If you've reviewed it before, please take a look at the changes.  If
you'd like to review it, please do.  I'm the shepherd for this draft,
so comments can be sent to me, to Sam as author, to
ietf-http-auth(_at_)osafoundation(_dot_)org , or to the IETF general list as
appropriate.

In addition to getting general input, I'd like to get a sense of
whether we have consensus on a couple things.

a).  The statement including "IETF recommends", from section 1.1 of
the draft:

   "In publishing this memo, the IETF recommends making available
   authentication mechanisms that meet the requirements outlined in
   Section 4 in HTTP user agents including web browsers.  It is hoped
   that these mechanisms will prove a useful step in fighting phishing.
   However this memo does not restrict work either in the IETF or any
   other organization.  In particular, new authentication efforts are
   not bound to meet the requirements posed in this memo unless the
   charter for those efforts chooses to make these binding
requirements.
   Less formally, the IETF presents this memo as an option to pursue
   while acknowledging that there may be other promising paths both now
   and in the future."

b) Whether the document should require mutual authentication (section
4.4).

Thanks,
Lisa D.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: draft-ietf-forces-mib (ForCES MIB) to Proposed Standard, Bert Wijnen \(IETF\)
Next by Date:  Re: Last Call: RFC2183 to obsolete RFC1806, John C Klensin
Previous by Thread:  Re: Last Call: draft-ietf-forces-mib (ForCES MIB) to Proposed Standard, Bert Wijnen \(IETF\)
Next by Thread:  Re: Request for review and consensus -- draft-hartman-webauth-phishing, Sam Hartman
Indexes:  [Date] [Thread] [Top] [All Lists]