[http-auth] Mirja Kühlewind's No Objection on draft-ietf-httpauth-mutual-10: (with COMMENT)
"Mirja Kuehlewind" <ietf@kuehlewind.net> Tue, 01 November 2016 13:58 UTC
From: Mirja Kuehlewind <ietf@kuehlewind.net>
To: The IESG <iesg@ietf.org>
Message-ID: <147800869091.23840.18136834516271995868.idtracker@ietfa.amsl.com>
Date: Tue, 01 Nov 2016 06:58:10 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-auth/B9NhzusMXLO2xLl8IAt6yQbt9iE>
Cc: http-auth@ietf.org, draft-ietf-httpauth-mutual@ietf.org, httpauth-chairs@ietf.org
Subject: [http-auth] Mirja Kühlewind's No Objection on draft-ietf-httpauth-mutual-10: (with COMMENT)

Mirja Kühlewind has entered the following ballot position for
draft-ietf-httpauth-mutual-10: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpauth-mutual/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for this well written spec!

One important question: Doesn't this spec need to register a new HTTP
Authentication Schemes ("Mutual") with IANA?

Further minor comments/questions:

1) Somehow I don't understand this:
   "For responses, the parameters "reason", any "ks#" (where # stands for
   any decimal integer), and "vks" are mutually exclusive; any challenge
   MUST NOT contain two or more parameters among them. They MUST NOT
   contain any "kc#" or "vkc" parameters."
   Who is 'they' in the last sentence?

2) "Typically, clients can ensure the above property by using a
   monotonically-increasing integer counter that counts from zero up to
   the value of nc-max."
   Wouldn't it be better to use a randomized number?

3) Nit:
   s/Even if the request-URI does not have a port part, v will include
   the default port number./Even if the request-URI does not have a port
   part, vh will include the default port number./