Re: [http-auth] Working Group Last Call for draft-ietf-httpauth-basicauth-update-03.txt

Julian Reschke <julian.reschke@gmx.de> Fri, 05 December 2014 18:55 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/4oDHkqjE8VQ6bJQT_4AUygx2fx0

On 2014-12-05 18:25, Peter Saint-Andre - &yet wrote:
> On 12/5/14, 10:21 AM, Benjamin Kaduk wrote:
>> On Tue, 2 Dec 2014, Yoav Nir wrote:
>>
>>> Thank you, Julian
>>>
>>> This begins a 2-week WGLC for this document.
>>>
>>> Please take the time to read through and post any comments to the list.
>>
>> My apologies if this has already been covered, but the abstract includes
>> the phrase "obfuscated by the use of Base64 encoding" (the introduction
>> includes similar content).  It looks like this was introduced in the -01,
>> and the on-list discussion of the -00 didn't really talk about it --
>> there was a note from Bjoern that the abstract "could use another sentence
>> stating what the `Basic` scheme is", but the word "obfuscate" did not
>> appear.  As such, I thought I would mention it now -- it's not really
>> clear that Base64 encoding counts as obfuscation in this context, where
>> the HTTP headers make it very clear that the userid/password are being
>> conveyed.
>
> That struck me as odd, too. I'd suggest "encoded in Base 64" instead.
>
> Peter

What do others think?

Would saying "slightly obfuscated" make things more bearable?

(If we change it in the abstract we'll need to change the 2nd occurrence
as well, no?)

Best regards, Julian