Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

lists@ingostruck.de Fri, 08 June 2007 12:25 UTC

From: lists@ingostruck.de
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Subject: Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis
Date: Fri, 8 Jun 2007 09:34:04 +0000
Cc: Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

On Friday 08 June 2007 08:10, Stephane Bortzmeyer wrote:
> On Thu, Jun 07, 2007 at 06:18:13PM +0200,
>  Julian Reschke <julian.reschke@gmx.de> wrote
>
>  a message of 14 lines which said:
> > In the wild, most authentication isn't using RFC2617 anyway.
>
> Any data here? IMHO, this assertion is not true, unless you limit to
> big e-commerce Web sites. For instance, HTTP-based Web services use
> 2617. Also, 2617 is typically the simplest way for a small and rapidly
> setup Web site, even if it does not have the visibility of Amazon.
Apart from that there is an application where rfc2617
imho currently is the only widely usable auth scheme:
restricted proxies.
If you want to have a semi-public proxy that needs auth,
anything else but using rfc2617 Proxy-Authentication
is a pain. If you do not want plaintext credentials, rfc2617 digest
currently remains the only working option (at least for me, but admittedly
this doesn't say anything about "widespread-use").

Kind regards

Ingo Struck
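
The contrast the message draws between plaintext and digest proxy credentials, as an added example that is not part of the original post: a proxy-side check of a `Proxy-Authorization` Digest value (same credential syntax as `Authorization` in RFC 2617) next to what a Basic value reveals. The sample input is constructed from the RFC 2617 section 3.5 example values; `verify_digest`, `ha1_lookup` and `issued_nonces` are hypothetical names, and nonce expiry and `nc` replay tracking are assumed to be handled elsewhere.

```python
import base64
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def basic_password(value):
    """Basic: anyone who observes the header can recover the password."""
    decoded = base64.b64decode(value.split(" ", 1)[1]).decode("utf-8")
    return decoded.split(":", 1)[1]

def parse_digest(value):
    """Split 'Digest k="v", k2=v2' into a dict of lower-cased keys."""
    scheme, _, params = value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {k.lower(): quoted or token for k, quoted, token in pairs}

def verify_digest(value, method, ha1_lookup, issued_nonces):
    """Check a Digest response (MD5; qop=auth or the legacy no-qop form)."""
    try:
        f = parse_digest(value)
        ha1 = ha1_lookup(f["username"], f["realm"])  # stored MD5(user:realm:password)
        nonce, uri, response = f["nonce"], f["uri"], f["response"]
    except (ValueError, KeyError):
        return False
    if ha1 is None or nonce not in issued_nonces:
        return False  # unknown user, or a nonce this proxy never issued
    ha2 = md5_hex(f"{method}:{uri}")
    if f.get("qop") == "auth" and "nc" in f and "cnonce" in f:
        expected = md5_hex(f"{ha1}:{nonce}:{f['nc']}:{f['cnonce']}:auth:{ha2}")
    elif "qop" not in f:
        expected = md5_hex(f"{ha1}:{nonce}:{ha2}")
    else:
        return False  # auth-int or malformed qop: not handled in this sketch
    return hmac.compare_digest(expected.encode(), response.lower().encode())

# Constructed sample input (RFC 2617 section 3.5 example values).
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
HA1_DB = {("Mufasa", "testrealm@host.com"):
          md5_hex("Mufasa:testrealm@host.com:Circle Of Life")}
DIGEST = ('Digest username="Mufasa", realm="testrealm@host.com", '
          f'nonce="{NONCE}", uri="/dir/index.html", qop=auth, nc=00000001, '
          'cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1"')
BASIC = "Basic " + base64.b64encode(b"Mufasa:Circle Of Life").decode("ascii")
```

The Digest value binds the response to the method, URI and a proxy-issued nonce, so the proxy never receives the password itself; the stored HA1 is still password-equivalent for that realm and has to be protected accordingly.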