Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis

Adrien de Croy <adrien@qbik.com> Wed, 13 June 2007 12:28 UTC

Message-ID: <466F1B3B.3040409@qbik.com>
Date: Wed, 13 Jun 2007 10:16:27 +1200
From: Adrien de Croy <adrien@qbik.com>
Organization: Qbik New Zealand Limited
User-Agent: Thunderbird 2.0.0.0 (Windows/20070326)
MIME-Version: 1.0
To: Mark Nottingham <mnot@mnot.net>
Subject: Re: RFC2616 vs RFC2617, was: Straw-man charter for http-bis
Cc: Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

My experience also is that it is extremely rare to encounter public web
servers that use any HTTP auth mechanism.

NTLM and Basic auth are often used for intranets and proxy access.

I've never seen an instance of Digest auth.

Seems to me that the issues of securing communications and authenticating
or identifying parties are closely aligned; why not just have some form
of auth built into TLS, then we could use it for any protocol that can
use TLS, instead of having to implement separate auth schemes for every
higher protocol?


Mark Nottingham wrote:
>
>
> On 08/06/2007, at 6:10 PM, Stephane Bortzmeyer wrote:
>
>>
>> On Thu, Jun 07, 2007 at 06:18:13PM +0200,
>>  Julian Reschke <julian.reschke@gmx.de> wrote
>>  a message of 14 lines which said:
>>
>>> In the wild, most authentication isn't using RFC2617 anyway.
>>
>> Any data here? IMHO, this assertion is not true, unless you limit to
>> big e-commerce Web sites. For instance, HTTP-based Web services use
>> 2617.
>
> My experience is that it isn't adequate for even those purposes, in 
> many cases.
>
> -- 
> Mark Nottingham     http://www.mnot.net/
>
>