On Tue, 21 Feb 2012 23:01:09 +0000, Stephen Farrell
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> said:
The approach we're advocating for this WG is to solicit well-formed
proposals, select one and develop it.
If there isn't one for HTTP authentication, how are you advocating we
proceed?
SF> Right now, I'm interested in what others reviewing the
SF> draft charter think about this topic. That's the point
SF> of having this discussion in the open like this.
IMHO, if you want security to be well integrated into the next version
of the protocol, then it should be thought about up front. The IETF
doesn't have a great track record of adding security later to protocols
in a way that is seamless and integrated.
And if you don't put thinking about security in the "solicitation
request" charter version, then you may well end up in the state that
Mark is worried about: none of the answers have security considered.
I think the charter should definitely have a requirement indicating that
proposals must explain how security techniques would fit into it in the
future, even if they don't fully define the solution/extension itself.
--
Wes Hardaker
SPARTA, Inc.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf