[bfcpbis] Kathleen Moriarty's No Objection on draft-ietf-bfcpbis-bfcp-websocket-14: (with COMMENT)
"Kathleen Moriarty" <Kathleen.Moriarty.ietf@gmail.com> Wed, 18 January 2017 19:40 UTC
Return-Path: <Kathleen.Moriarty.ietf@gmail.com>
X-Original-To: bfcpbis@ietf.org
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 89F7F129881; Wed, 18 Jan 2017 11:40:09 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.40.3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <148476840952.2190.615912845986321795.idtracker@ietfa.amsl.com>
Date: Wed, 18 Jan 2017 11:40:09 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/bfcpbis/LU_i6OaMJWGUsiEiLn-wFWxc_mA>
Cc: bfcpbis@ietf.org, draft-ietf-bfcpbis-bfcp-websocket@ietf.org, eckelcu@cisco.com, bfcpbis-chairs@ietf.org
Subject: [bfcpbis] Kathleen Moriarty's No Objection on draft-ietf-bfcpbis-bfcp-websocket-14: (with COMMENT)
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.17
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jan 2017 19:40:09 -0000
Kathleen Moriarty has entered the following ballot position for draft-ietf-bfcpbis-bfcp-websocket-14: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-bfcpbis-bfcp-websocket/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I agree with Alexey's comment on section 8. If fallback to HTTP authentication happens, the implementer should be aware of the weaknesses in HTTP basic [RFC7617] and digest [RFC7616] spelled out in the respective security considerations sections. The HTTPAuth WG put out a few experimental RFCs with methods to eliminate some of the weaknesses, like HOBA [RFC7486] that gets rid of the need for passwords. Adding this detail would be helpful.
- [bfcpbis] Kathleen Moriarty's No Objection on dra… Kathleen Moriarty
- Re: [bfcpbis] Kathleen Moriarty's No Objection on… Ram Mohan R (rmohanr)
- Re: [bfcpbis] Kathleen Moriarty's No Objection on… Kathleen Moriarty
- Re: [bfcpbis] Kathleen Moriarty's No Objection on… Ram Mohan R (rmohanr)
- Re: [bfcpbis] Kathleen Moriarty's No Objection on… Kathleen Moriarty