Ted;
Do you mean the object security BOF that met Wednesday morning or the shttp
meeting from Tuesday night? I would think this would fall in the object
security scope as well.
Phil Smiley
-------------
Original Text
From TTso @ SMTP (Theodore Ts'o)
{pem-dev-request(_at_)magellan(_dot_)TIS(_dot_)COM}, on
12/14/94 10:48 PM:
To: hallam @ SMTP (hallam) {hallam(_at_)dxal18(_dot_)cern(_dot_)ch}
Cc: PWillia @ SMTP (Peter Williams)
{williams(_at_)atlas(_dot_)arc(_dot_)nasa(_dot_)gov}, pem-dev @
SMTP (pem-dev) {pem-dev(_at_)tis(_dot_)com}, hallam @ SMTP (hallam)
{hallam(_at_)dxal18(_dot_)cern(_dot_)ch}
Date: Thu, 15 Dec 94 07:31:58 +0900
From: hallam(_at_)dxal18(_dot_)cern(_dot_)ch
>Similarly for http
>to html hypermedia security interactions. This will be lots of fun; but
> going to take a while, I forsee.
This is why I don't think its a good idea to start from the proposal that
Secure[HTTP] = PEM. Unless people want to make PEM hideously complex I
doubt that its feasible. Even if it were there are shortcuts avaliable in
HTTP that arn't in email. In HTTP one can always offload stuff onto a URI.
There's a separate working group that's about to be formed to address
this, actually. The HTTP Security BOF met at the last IETF, and work is
now underway to draft a charter for that group. So discussions on that
topic probably should be moved to that forum.
Unfortunately, I don't have the mailing list for that group handy --- if
someone who also attended the HTTP-S bof could post it, that would be
greatly appreciated.
- Ted