On Feb 22, 2012, at 10:35 AM, Stephen Farrell wrote:
Regardless of that you do have a fair point that asking
apps folks to do stuff that'll please security folks might
be asking for trouble:-)
However, the counter to that is that security folks doing
stuff without enough apps input might produce something that
won't get adopted which also doesn't produce the right end
result.
Anyway, I think this topic, if tackled, won't lack
interested participants and will get plenty of security
and apps input no matter how we organise it.
Peter St.Andre's suggestion of a separate WG to deal specifically with HTTP
authentication seems like the best way to be sure both sets of parties are
fully involved. If the IESG charters it within the next few months, the HTTP
2.0 work can be informed by any changes (if any) that are needed.
--Paul Hoffman
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf