IETF Logo Mail Archive

[http-auth] Mutual: ticket #4

Yutaka OIWA <y.oiwa@aist.go.jp> Wed, 23 July 2014 13:47 UTC

Return-Path: <y.oiwa@aist.go.jp>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79E841A0AC9 for <http-auth@ietfa.amsl.com>; Wed, 23 Jul 2014 06:47:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.679
X-Spam-Level:
X-Spam-Status: No, score=-3.679 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yl3F_rIhKoG7 for <http-auth@ietfa.amsl.com>; Wed, 23 Jul 2014 06:47:00 -0700 (PDT)
Received: from na3sys010aog113.obsmtp.com (na3sys010aog113.obsmtp.com [74.125.245.94]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9328C1B280A for <http-auth@ietf.org>; Wed, 23 Jul 2014 06:46:57 -0700 (PDT)
Received: from mail-vc0-f178.google.com ([209.85.220.178]) (using TLSv1) by na3sys010aob113.postini.com ([74.125.244.12]) with SMTP ID DSNKU8+80WJ/hB7B7l1wiiNRmrPJ+QRIyysi@postini.com; Wed, 23 Jul 2014 06:46:57 PDT
Received: by mail-vc0-f178.google.com with SMTP id la4so2192864vcb.9 for <http-auth@ietf.org>; Wed, 23 Jul 2014 06:46:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aist.go.jp; s=google; h=mime-version:from:date:message-id:subject:to:content-type; bh=j3F3WNrsnexQVDlHN4PcOSF1aKXvficGuHqS3waRAdQ=; b=mrCd4EN6VngM7jG0yyZDahq9SVSHmpgUL931Pmx76S34mYxWHv6i6IGju2qS5mxuDH nE3HaSYi2BzWA9+8zYS3FRbGSkLGoKHCoYL+7hamD0R4SVotjsRTioGBqfwPJX0Ic6QS c2poQwB7lqv7/V/7Dloy1uRm/hJ/dhWpthlXM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-type; bh=j3F3WNrsnexQVDlHN4PcOSF1aKXvficGuHqS3waRAdQ=; b=SGqm2x0IDT7aK9xVZTqFxgipCgMtaucXsViQAxWaoN9EqEQJ3xWBxHbduu3VPUtgIr M8uNN4K+1wM3Jw5Md1InyuGoW/zthAIRZTam1/+W8Q1/9dan/cbZImad/74emreSbaxH rR4qkIyAqCEMS+5rbiCdga5A64455QbJtCs3swoHpUt59N4CN6yzmCmzWDvA62eLQSbC 7eU6uZOKGmoHTLx8nWvb3P7HnAcSzEI+mPmn6XuodEnUR9lTfYG4ASpUwKCGfCieG/Xh hPMZPXBB+a17AX0SafP6ndaZ6o+C2JR6DHklmYCoZSxIeNwrgVc9lJZpvptOTJ8oqKv4 kTaQ==
X-Gm-Message-State: ALoCoQl6wxitmB21baRZ6fBT36RFzlrRtIJvDGyaow09Z0B7W7uFc+lfuwkDuE3fvYVs0ljLDvtlm720dRoBtxmZGAkBp23OjFBXkE6HA7ZCubLaGlFpu8ouoeCUlUtsuPF6ARWVF2ll
X-Received: by 10.52.157.41 with SMTP id wj9mr1890247vdb.1.1406123216717; Wed, 23 Jul 2014 06:46:56 -0700 (PDT)
X-Received: by 10.52.157.41 with SMTP id wj9mr1890229vdb.1.1406123216567; Wed, 23 Jul 2014 06:46:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.58.154.198 with HTTP; Wed, 23 Jul 2014 06:46:36 -0700 (PDT)
From: Yutaka OIWA <y.oiwa@aist.go.jp>
Date: Wed, 23 Jul 2014 22:46:36 +0900
Message-ID: <CAMeZVwtoOj1XqUEBnAvfqmax7NPMA7bAVC20XAVXHFs5vriVEQ@mail.gmail.com>
To: http-auth <http-auth@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/ANeq7_ctXyt4-QwcI6Kv7hQU9Eg
Subject: [http-auth] Mutual: ticket #4
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Jul 2014 13:47:02 -0000

Dear http-auth readers,

Regarding open ticket #4 (http://trac.tools.ietf.org/wg/httpauth/trac/ticket/4),
I plan some modification to the current draft.
Feedback comments are appreciated.

I'm considering to change the "single-port" type
auth-realm token, harmonized with Web Origin's
string construction. It will then mean:
    "http://www.example.com:8080" for HTTP on port 8080 only,
    "http://www.example.com" for HTTP on port 80 only,
    "https://www.example.com" for HTTPS on port 443 only,
and
    "www.example.com" for both HTTP/HTTPS on any port.

Currently, the 2nd and 3rd ones have explicit port notifications,
like "http://www.example.com:80" to emphasis single-port-only nature.
These will be changed in the next revision if no objection exists.

If this change is not satisfactory, please give me a comment.

-- 
Yutaka OIWA, Ph.D.                 Leader, System Life-cycle Research Group
                               Research Institute for Secure Systems (RISEC)
     National Institute of Advanced Industrial Science and Technology (AIST)
                       Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]

v2.23.0 | Report a Bug | By Email