ietf
[Top] [All Lists]

Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

2012-02-25 08:21:27
On 2012-02-25 15:13, Stephen Farrell wrote:


On 02/25/2012 02:03 PM, Julian Reschke wrote:
On 2012-02-25 14:46, Stephen Farrell wrote:
...
Yeah that's a tricky one. While one might like to
see "one or more" in both places that might not be
practical.

In the proposal above the goal is that httpbis pick one
or more but recognising the reality that we might not get
a new proposal that httpbis will accept and that folks
will really implement and deploy.

So:
Goal = one or more
Reluctant recognition of reality = zero or more

With this plan if httpbis in fact select zero new proposals
that would represent a failure for all concerned. The "zero
or more" term is absolutely not intended to provide a way to
just punt on the question.

Such a failure at the point where httpbis was re-chartering
to work on a HTTP/2.0 selection with no better security than
we now have is probably better evaluated as a whole - I
guess the question for the IETF/IESG at that point would
be whether the Internet would be better with or without
such a beast, or better waiting a while until the security
thing did get fixed.

I can imagine an argument might ensue about that;-)
...

If we just need a new authentication scheme, nothing stops people from
working on that right now.

I don't agree with you there - the perceived low probability that
something will be deployed is a real disincentive here. We have had
people wanting to do work on this and have been told there's no point
because it won't get adopted.

Just checking: so you think what's needed is a normative requirement to implement the new scheme? Do you really believe that that's what holding up improvements in this area?

 > I don't see how that should affect HTTP/2.0.

Well, a number of people have noticed that current schemes
are getting long in the tooth and fixing stuff like that when
you do a major rev of a protocol is quite a reasonable thing
to do.

If there's something from with the framework, let's fix the framework. That's already covered by the current charter, no?

If the "right" way to do security needs changes in the HTTP/1.1
authentication framework, then we should fix/augment/tune HTTP/1.1. It's
not going to go away anytime soon.

Sure, I agree with that and think the plan above allows for it.

My point being: this is something we already do in httpbis. What's missing is concrete bug reports.

Best regards, Julian

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>