Re: [http-auth] Pete Resnick's No Objection on draft-ietf-httpauth-basicauth-update-06: (with COMMENT)
Barry Leiba <barryleiba@computer.org> Thu, 19 February 2015 17:55 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40E5B1A1B84; Thu, 19 Feb 2015 09:55:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DLep8UIOgNuO; Thu, 19 Feb 2015 09:55:40 -0800 (PST)
Received: from mail-lb0-x230.google.com (mail-lb0-x230.google.com [IPv6:2a00:1450:4010:c04::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 072C31A1B19; Thu, 19 Feb 2015 09:55:39 -0800 (PST)
Received: by lbiw7 with SMTP id w7so1373729lbi.9; Thu, 19 Feb 2015 09:55:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=A1zkB+sg8pyane2neWKgtu5b28MPJEQxq1TFEEr7I8Q=; b=IhUNexKgPWFTFOd/Qb7YHXkUt3wcMN9Jb+XEgi6/MFMle9+a1BA1BEmX71weAlfLiE zT09uWDBa2kHERWXeQR7CtHBgFeSdsqqyqhhUWuX8IHN+VvuxzY0smspbXuS4Da26kMT 51dFiy/q0Zi+rNlRliJVlOLV5y/0J2pdm1F9S4mo4MgKYKDBBLK335mY9Qt/0GiMbEBH bSRevcUV64ZVDqO8sGWRQdjJ6fThttIQfGZXh06fukJqsIBI3UvieKeowxtkySGGZfo0 T03/cbQYH7MGMwki4IxoLlj4JYGRlUb5Esn5n/WIO+vJarrPdH6yRlHAa8M2Gxp+xNhD wrlQ==
MIME-Version: 1.0
X-Received: by 10.112.167.231 with SMTP id zr7mr4941824lbb.123.1424368537372; Thu, 19 Feb 2015 09:55:37 -0800 (PST)
Sender: barryleiba@gmail.com
Received: by 10.152.127.165 with HTTP; Thu, 19 Feb 2015 09:55:37 -0800 (PST)
In-Reply-To: <54E61331.7080807@greenbytes.de>
References: <20150218214927.31074.15996.idtracker@ietfa.amsl.com> <54E511BF.1070503@gmx.de> <54E51652.4050301@qti.qualcomm.com> <54E51843.1050307@greenbytes.de> <CALaySJJCzgkUNpONxFdv9-ZUD_Qxa_70rt+3g+U60Ctt80CMAg@mail.gmail.com> <54E58D9C.5020207@gmx.de> <CAHbuEH7rf72Dx0QiLgEjPZ7vCDDinEYZE-E9yTvABfSii635Pg@mail.gmail.com> <54E61331.7080807@greenbytes.de>
Date: Thu, 19 Feb 2015 09:55:37 -0800
X-Google-Sender-Auth: rT3Sq7m-z8eDvcS-bcs2bLRj0Ko
Message-ID: <CALaySJ+SApT1dZE31mK+asAAwJqNVDPL97a6Nwn8gz0OeZhJ+w@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Julian Reschke <julian.reschke@greenbytes.de>
Content-Type: text/plain; charset="ISO-8859-1"
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/6D5z0Z1P0GNVxEFGd943LZ55hZg>
Cc: Julian Reschke <julian.reschke@gmx.de>, Pete Resnick <presnick@qti.qualcomm.com>, httpauth-chairs@ietf.org, "http-auth@ietf.org" <http-auth@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-httpauth-basicauth-update.all@ietf.org
Subject: Re: [http-auth] Pete Resnick's No Objection on draft-ietf-httpauth-basicauth-update-06: (with COMMENT)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Feb 2015 17:55:42 -0000
A final note form me on this, and then I'm done with the discussion: > The problem here is the "long tail". We simply have no information about > whether these IDs exist in practice. The fact that all UAs I checked indeed > accept them at least *hints* that they might be used somewhere. Or none of > the implementers ever thought about rejecting them. I don't think this matters (but see below). From the point of view of protocol definition, it doesn't matter what's done; it matters what works. If userids with colons don't work when you send them on the wire (because servers don't interpret the userid/password field as intended), then the protocol definition should ban them, even if user agents are, in fact sending them on the wire and will continue to. But... > The discussion that we're having is whether "MUST NOT use colons" is better > or worse than "colons are invalid". I don't believe it makes a difference. I have to admit that I don't either, and that's why I'm done with this discussion. I don't think that changing "X is invalid" to "MUST NOT X" is important enough that it's worth further discussion, and I'm happy to have that left as it is. We might consider slightly altering the text to make it clear that what we say is being done in practice often does not work and is not interoperable (rather than the sort of vague "will likely treat in a way not intended" text that's there now). Meh. I'll leave that up to Julian and Pete to discuss. Julian, thanks for the discussion. Barry
- [http-auth] Pete Resnick's No Objection on draft-… Pete Resnick
- Re: [http-auth] Pete Resnick's No Objection on dr… Julian Reschke
- Re: [http-auth] Pete Resnick's No Objection on dr… Bjoern Hoehrmann
- Re: [http-auth] Pete Resnick's No Objection on dr… Pete Resnick
- Re: [http-auth] Pete Resnick's No Objection on dr… Julian Reschke
- Re: [http-auth] Pete Resnick's No Objection on dr… Barry Leiba
- Re: [http-auth] Pete Resnick's No Objection on dr… Bjoern Hoehrmann
- Re: [http-auth] Pete Resnick's No Objection on dr… Barry Leiba
- Re: [http-auth] Pete Resnick's No Objection on dr… Julian Reschke
- Re: [http-auth] Pete Resnick's No Objection on dr… Kathleen Moriarty
- Re: [http-auth] Pete Resnick's No Objection on dr… Julian Reschke
- Re: [http-auth] Pete Resnick's No Objection on dr… Barry Leiba
- Re: [http-auth] Pete Resnick's No Objection on dr… Bjoern Hoehrmann
- Re: [http-auth] Pete Resnick's No Objection on dr… Julian Reschke
- Re: [http-auth] Pete Resnick's No Objection on dr… Bjoern Hoehrmann
- Re: [http-auth] Pete Resnick's No Objection on dr… Roy T. Fielding
- Re: [http-auth] Pete Resnick's No Objection on dr… Martin J. Dürst
- Re: [http-auth] Pete Resnick's No Objection on dr… Julian Reschke
- Re: [http-auth] Pete Resnick's No Objection on dr… Barry Leiba
- Re: [http-auth] Pete Resnick's No Objection on dr… Kathleen Moriarty
- Re: [http-auth] Pete Resnick's No Objection on dr… Pete Resnick
- Re: [http-auth] Pete Resnick's No Objection on dr… Kathleen Moriarty
- Re: [http-auth] Pete Resnick's No Objection on dr… Barry Leiba
- Re: [http-auth] Pete Resnick's No Objection on dr… Kathleen Moriarty