Re: [apps-discuss] [saag] HTTP authentication: the next generation

Yoav Nir <ynir@checkpoint.com> Sat, 11 December 2010 23:14 UTC

From: Yoav Nir <ynir@checkpoint.com>
To: websec <websec@ietf.org>, Peter Saint-Andre <stpeter@stpeter.im>
Date: Sun, 12 Dec 2010 01:15:51 +0200
Message-ID: <5C0D484C-682B-4B7B-B7EA-DFC78ADA3ED4@checkpoint.com>
References: <4D02AF81.6000907@stpeter.im> <p06240809c928635499e8@[10.20.30.150]> <ADDEC353-8DE6-408C-BC75-A50B795E2F6C@checkpoint.com>
In-Reply-To: <ADDEC353-8DE6-408C-BC75-A50B795E2F6C@checkpoint.com>
Cc: "http-auth@ietf.org" <http-auth@ietf.org>, "saag@ietf.org" <saag@ietf.org>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Subject: Re: [apps-discuss] [saag] HTTP authentication: the next generation

Resending with fewer recipients...

On Dec 12, 2010, at 1:10 AM, Yoav Nir wrote:

> 
> On Dec 11, 2010, at 1:09 AM, Paul Hoffman wrote:
> 
>> At 3:53 PM -0700 12/10/10, Peter Saint-Andre wrote:
>>> Other than that, I'm not aware of much activity. What have I missed?
>> 
>> TLS client certificates.
> 
> TLS client certificates work, but as we've learned both with the web and with IPsec clients, people would much rather not use them. A few IETFs ago (Chicago?), a bunch of us tried to push the idea of TLS with EAP authentication.
> 
> http://tools.ietf.org/html/draft-nir-tls-eap
> 
> At the time, the TLS working group (and an AD) told us that this would contradict the applicability statement of EAP, so no, you cannot use EAP for anything other than network access.
> 
> Now we have the abfab working group, so I don't think this still holds.
> 
> Also, I agree with Marsh that authentication is not enough, and you need the rest of TLS anyway.
> 
> So yes, I think that it is time to resurrect HTTP authentication.
> 
> Yoav