Appeal: Mandatory to implement HTTP authentication mechanism in the Atom Publishing Protocol (Robert Sayre; 2006-08-29) - 2006-08-29
Appeal - 2006-08-29

Subject: Appeal: Mandatory to implement HTTP authentication mechanism in the Atom Publishing Protocol.
Date: Tue, 29 August 2006
From: Robert Sayre
To: IESG IESG, Brian E Carpenter

Dear IESG Chair and IESG,

This is a formal appeal regarding the IESG decision to require a
mandatory to implement HTTP authentication mechanism in the Atom
Publishing Protocol. The message from the IESG to the working group
can be found at this URI:

http://www.imc.org/atom-protocol/mail-archive/msg06152.html

The Internet Standards Process [RFC2026] does not require universal
interoperability, and Strong Security Requirements for Internet
Engineering Task Force Standard Protocols [RFC3365/BCP61] does not
require interoperable security mechanisms. Thus, the bar for an
interoperable protocol is two independently developed implementations.
No IESG member or Atompub WG member has claimed that an HTTP-based
protocol will fail to meet this standard with entirely optional
authentication mechanisms. HTTP itself is proof of this.

I understand that the substance of this appeal may run counter to
individual conceptions of IETF-style specifications, but it clearly
does not run counter to the spirit of either procedural RFC cited
above (BCP61 doesn't even mention interoperability). Individuals who
feel the IETF needs stronger security interoperability requirements
must achieve IETF consensus on a document detailing those
requirements. The IESG is not authorized to redefine the
interoperability requirements detailed in the Internet Standards
Process [RFC2026].

thanks,

Robert Sayre