[in-line]
On Tue, Feb 21, 2012 at 2:40 PM, Mark Nottingham <mnot(_at_)mnot(_dot_)net>
wrote:
And then should it include adding some new options
or MTI auth schemes as part of HTTP/2.0 or even looking
at that? (I think it ought to include trying for that
personally, even if there is a higher-than-usual risk
of failure.)
Based on past experience, I think the risk is very high, and we don't need to
pile any more risk onto this particular project.
+1
HTTP's ability to be equipped with security technology has been
adequate, and I haven't heard much argument that its semantics were
the big obstacle to newer/better security. Preserving its semantics
means its successor should be equally adequate.
Mnot is *understating* the risk of loading up the charter with this stuff. -T
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf