[Ietf-caldav] References in draft-dusseault-caldav-12

Julian Reschke julian.reschke at gmx.de
Fri Jun 23 12:44:35 PDT 2006


Lisa Dusseault wrote:
> 
> On Jun 23, 2006, at 12:29 PM, Julian Reschke wrote:
> 
>> Lisa Dusseault wrote:
>>> ...
>>> It would indeed be better to solve it in the base spec if we had time 
>>> and resources.  Mark Nottingham is holding a bar BOF in Montreal to 
>>> see if there's interest in making some updates to HTTP, which might 
>>> include this.  But since that's such a long-term approach, I don't 
>>> think it's the right thing to wait for here, nor is it the right 
>>> thing to leave decent security optional.
>>> Thus, I don't agree with your opinion on this, but you're welcome to 
>>> attempt to argue it with the IESG (iesg at ietf.org) or the Security 
>>> directorate (secdir at mit.edu).
>>> ...
>>
>> OK, let's try a very simple question:
>>
>> How are the security requirements for CalDAV different from those for 
>> WebDAV?
> 
> It's not.  WebDAV makes the same requirement, with the exception of not 
> making TLS the mandatory-to-implement mechanism.  CalDAV simply goes a 
> step further in ensuring interoperability, in addition to security.
> 
> Would you propose updating RFC2518bis to make TLS mandatory?

The point I'm trying to make is that if CalDAV and WebDAV share the same 
security requirements, they optimally should say the same thing. As 
CalDAV already normatively refers to RFC2518bis, this means it doesn't 
need to say anything about it at all.

I'm not a security expert. But if the experts think that what RFC2518bis 
currently says isn't sufficient, then yes, it should be updated.

Best regards, Julian

