Re: [http-auth] Working Group Last Call for draft-ietf-httpauth-basicauth-update-03.txt

Yoav Nir <ynir.ietf@gmail.com> Wed, 03 December 2014 19:05 UTC

To: Julian Reschke <julian.reschke@gmx.de>
Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/TMoRBc7Tr6JmKHpmB_aQUQz4Z8Y
Cc: IETF HTTP Auth <http-auth@ietf.org>

> On Dec 3, 2014, at 7:21 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
> 
> On 2014-12-03 18:12, Michael Sweet wrote:
>> Julian,
>> 
>>> On Dec 3, 2014, at 11:24 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
>>> 
>>> On 2014-12-03 17:14, Michael Sweet wrote:
>>>> My comments:
>>>> 
>>>> - Section 2 makes the "charset" parameter OPTIONAL. I'm wondering if this should be RECOMMENDED in order to encourage adoption of UTF-8 usernames and passwords since that solves common deployment and interop issues.
>>> 
>>> This being an optional feature has been the intention since we started.
>>> 
>>> If a server has a use for non-ASCII characters, it has sufficient motivation to use it. In the other case, no amount of spec language will affect what it does.
>> 
>> OK, I was under the impression that one of the motivations for updating RFC 2617 was to address I18N issues.
> 
> It is. But we can't make new normative requirements that will break existing implementations.

[no hats]

Sure we can. This is a new specification. Some implementations will keep implementing the old, obsolete spec. This is no different from clients and servers continuing to use TLS 1.0 and 1.1 now that 1.2 has obsoleted them.

The charset parameter can be an indicator that the server is implementing the new spec rather than the old. Why not go all the way to MUST?

Yoav
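
Added example, not part of the original message or of the draft text: a client-side sketch of the interop problem discussed in this thread, showing how the same password yields different Basic credentials depending on whether the challenge carries the charset parameter. It follows the parameter as defined in the draft's published form (RFC 7617: only value "UTF-8", matched case-insensitively, with NFC normalization). The function names, the constructed challenges and the ISO-8859-1 fallback for challenges without charset are assumptions made for illustration.

```python
import base64
import re
import unicodedata

# auth-param in quoted-string or token form, e.g. realm="x" or charset=UTF-8
_PARAM = re.compile(r'([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')

# Constructed sample challenges (WWW-Authenticate header values).
NEW_CHALLENGE = 'Basic realm="foo", charset="UTF-8"'
OLD_CHALLENGE = 'Basic realm="foo"'


def parse_basic_challenge(header_value):
    """Return the auth-params of a Basic challenge as a dict, or None."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    params = {}
    for name, quoted, token in _PARAM.findall(rest):
        # Undo quoted-pair escaping inside quoted strings.
        params[name.lower()] = re.sub(r"\\(.)", r"\1", quoted) if quoted else token
    return params


def credentials_encoding(params):
    """Choose the octet encoding for user-pass from the challenge."""
    if params.get("charset", "").lower() == "utf-8":
        return "utf-8"
    # No charset: the server's expectation is unknown. ISO-8859-1 is an
    # assumed legacy default, used here only to show the mismatch.
    return "iso-8859-1"


def basic_authorization(challenge, user, password):
    """Build the Authorization header value answering the given challenge."""
    params = parse_basic_challenge(challenge)
    if params is None:
        raise ValueError("not a Basic challenge")
    if ":" in user:
        raise ValueError("user-id must not contain ':'")
    encoding = credentials_encoding(params)
    if encoding == "utf-8":
        # RFC 7617: character data is normalized to NFC before UTF-8 encoding.
        user = unicodedata.normalize("NFC", user)
        password = unicodedata.normalize("NFC", password)
    raw = f"{user}:{password}".encode(encoding)
    return "Basic " + base64.b64encode(raw).decode("ascii")
```

A server that stored a verifier over the UTF-8 octets rejects the ISO-8859-1 form of the same password, which is why a client benefits from an explicit signal of what the server expects.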