IETF Logo Mail Archive

Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

Joe Orton <joe@manyfish.co.uk> Fri, 08 June 2007 12:25 UTC

Return-path: <discuss-bounces@apps.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HwdWq-0000Td-KO; Fri, 08 Jun 2007 08:25:20 -0400
Received: from discuss by megatron.ietf.org with local (Exim 4.43) id 1Hwbrx-0002Mr-BW for discuss-confirm+ok@megatron.ietf.org; Fri, 08 Jun 2007 06:39:01 -0400
Received: from discuss by megatron.ietf.org with local (Exim 4.43) id 1Hwbrx-0002Mb-26 for discuss@apps.ietf.org; Fri, 08 Jun 2007 06:39:01 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HwbrN-0000ty-Ts for discuss@apps.ietf.org; Fri, 08 Jun 2007 06:38:25 -0400
Received: from smtp.aaisp.net.uk ([2001:8b0:0:81::51bb:5133]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HwbrL-0004cE-In for discuss@apps.ietf.org; Fri, 08 Jun 2007 06:38:25 -0400
Received: from mail.manyfish.co.uk ([81.187.127.133]) by smtp.aaisp.net.uk with esmtps (TLSv1:AES256-SHA:256) (Exim 4.62) (envelope-from <joe@manyfish.co.uk>) id 1HwbrE-0003gO-OG; Fri, 08 Jun 2007 11:38:16 +0100
Received: from joe by mail.manyfish.co.uk with local (Exim 4.63) (envelope-from <joe@manyfish.co.uk>) id 1HwbrC-0002F4-Eo; Fri, 08 Jun 2007 11:38:14 +0100
Date: Fri, 8 Jun 2007 11:38:14 +0100
From: Joe Orton <joe@manyfish.co.uk>
To: Keith Moore <moore@cs.utk.edu>
Subject: Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis
Message-ID: <20070608103814.GA6204@manyfish.co.uk>
References: <BA772834-227A-4C1B-9534-070C50DF05B3@mnot.net> <392C98BA-E7B8-44ED-964B-82FC48162924@mnot.net> <6AE049B9045C00064222693F@[10.1.110.5]> <p06240871c28dd59e7371@[10.20.30.108]> <46682BC9.9050504@gmx.de> <46682E06.7030603@cs.utk.edu> <46682FC5.5030204@gmx.de> <466882A9.5010303@cs.utk.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <466882A9.5010303@cs.utk.edu>
User-Agent: Mutt/1.4.2.2i
X-Spam-Score: -2.8 (--)
X-Scan-Signature: cf4fa59384e76e63313391b70cd0dd25
X-TMDA-Confirmed: Fri, 08 Jun 2007 06:39:01 -0400
X-Mailman-Approved-At: Fri, 08 Jun 2007 08:25:18 -0400
Cc: Paul Hoffman <phoffman@imc.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, Apps Discuss <discuss@apps.ietf.org>
X-BeenThere: discuss@apps.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: general discussion of application-layer protocols <discuss.apps.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@apps.ietf.org>
List-Help: <mailto:discuss-request@apps.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=subscribe>
Errors-To: discuss-bounces@apps.ietf.org

On Thu, Jun 07, 2007 at 06:11:53PM -0400, Keith Moore wrote:
> Julian Reschke wrote:
> > BTW: does the framework really require fixing?
>
> I am pretty sure that it does.  I think sites will continue to insist on
> being in control of the look and feel of the username/password dialog. 

Fixing that does not require any changes to the HTTP auth framework. Roy 
pointed out a long time ago that this can be done simply by defining an 
extension to HTML which allows an HTML 401/407 response body to contain 
a form which is used to enter credentials.  <form action="authenticate"> 
or something.

(and possibly some method for browsers to advertise support for this)

joe

v2.8.7 | Report a Bug | By Email