I think a non-HTTP solution is critically important, but it's equally important to get the security right for all of this, HTTP(S) based or not. This is going to fundamentally be hard to get right, if it was easy we would have dealt with this long ago, but now it time to work through this and get it right.
Thanks On 3/7/16 19:24 , Mark Nottingham wrote:
On 8 Mar 2016, at 2:08 AM, Dave Dolson <[email protected]> wrote:Regarding non-browser clients, even non-HTTP clients, and considering this is the IETF, it seems reasonable to find an IP-layer solution vs. an HTTP-layer solution.Making the presence of a CP clear to non-HTTP clients seems like a good thing. Doing much more than that (e.g., presenting something to the user, getting their credentials) is less attractive. Cheers, -- Mark Nottingham https://www.mnot.net/
-- ================================================ David Farmer Email: [email protected] Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 1-612-626-0815 Minneapolis, MN 55414-3029 Cell: 1-612-812-9952 ================================================