[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Considerations

To: "Robert Sayre" <sayrer@xxxxxxxxx>
Subject: Re: Security Considerations
From: Sam Hartman <hartmans-ietf@xxxxxxx>
Date: Thu, 03 Aug 2006 13:38:42 -0400
Cc: "Eric Rescorla" <ekr@xxxxxxxxxxxxxxxxxxxx>, "James M Snell" <jasnell@xxxxxxxxx>, "Brian E Carpenter" <brc@xxxxxxxxxxxxxx>, "Roy T. Fielding" <fielding@xxxxxxxx>, "Lisa Dusseault" <lisa@xxxxxxxxxxxxxxxxx>, "atom-protocol Protocol" <atom-protocol@xxxxxxx>, "IESG IESG" <iesg@xxxxxxxx>
In-reply-to: <68fba5c50608030928k7345551cx9d44e17c2b574fc1@xxxxxxxxxxxxxx> (Robert Sayre's message of "Thu, 3 Aug 2006 12:28:21 -0400")
List-archive: <http://www.imc.org/atom-protocol/mail-archive/>
List-id: <atom-protocol.imc.org>
List-unsubscribe: <mailto:atom-protocol-request@imc.org?body=unsubscribe>
References: <44D21C44.1020701@xxxxxxxxx> <20060803160531.DDC32222426@xxxxxxxxxxxxxxxxxxxxxxxxxx> <68fba5c50608030928k7345551cx9d44e17c2b574fc1@xxxxxxxxxxxxxx>
Sender: owner-atom-protocol@xxxxxxxxxxxx
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)



Hi folks.

This has been a long discussion and has helped us all understand our
various points of view, but I think we are no longer making forward
progress.

The IESG discussed this issue during the working group news section of
today's telechat.

The conclusion of those on the call is that in order to meet IETF
interoperability requirements APP must normatively require a mandatory
to implement security mechanism for HTTP authentication.

Thanks again for helping us all understand this complex issue.

There are a lot of related items that came out of this discussion.  I
don't think it would be appropriate to block APP.  However if the
right group of people want to get together and write a security
current practices document for HTTP, that might be useful to future
protocols in the same position as APP.  That effort would need to be
coordinated with several related HTTP efforts that are underway or
being considered.

Sam Hartman
Security Area Director

Follow-Ups:
- Re: Security Considerations
  - From: Bill de hÓra
- Re: Security Considerations
  - From: Joe Gregorio
- Re: Security Considerations
  - From: James M Snell

References:
- Re: Security Considerations
  - From: James M Snell
- Re: Security Considerations
  - From: Eric Rescorla
- Re: Security Considerations
  - From: Robert Sayre

Prev by Date: Re: Security Considerations
Next by Date: Re: Security Considerations
Previous by thread: Re: Security Considerations
Next by thread: Re: Security Considerations
Index(es):
- Date
- Thread