Re: [http-auth] Authentication-Info

Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Sat, 06 December 2014 00:53 UTC

In-Reply-To: <547DB5D1.5040909@gmx.de>
References: <547DB5D1.5040909@gmx.de>
Date: Fri, 05 Dec 2014 19:53:02 -0500
Message-ID: <CAGL6ep+1VRALcR1ZGPtOCpsxgpc+aJF2k0s67=-z9CkUhAsADg@mail.gmail.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/TOb5tElJvU48QXeEZ5raIIsPis0
Cc: "http-auth@ietf.org" <http-auth@ietf.org>
Subject: Re: [http-auth] Authentication-Info

Hi Julian,

The Digest draft based the definition of the Authentication-Info header on
the auth-param defined in RFC7235, and it registers the header with the
Message Header Field Registry.

What else do you think we need to do to make it generic?

Regards,
 Rifaat


On Tue, Dec 2, 2014 at 7:51 AM, Julian Reschke <julian.reschke@gmx.de>
wrote:

> Hi there,
>
> this is a minor outstanding issue with the Digest and SCRAM drafts. It was
> discussed in both the WG sessions and in hallway conversations.
>
> This header field originally was defined in the "Digest" part of RFC 2617,
> and consequently, it was copied over into
> <http://tools.ietf.org/html/draft-ietf-httpauth-digest-08#section-3.5>.
>
> <http://tools.ietf.org/html/draft-ietf-httpauth-scram-auth-04> currently
> uses it as well, but with a slightly differing syntax.
>
> Given the fact that we have two authentication scheme definitions that
> have a use case for this header field -- shouldn't we define it in a way so
> that it becomes a generic (optional) feature for authentication schemes?
>
> Choices:
>
> 1) The cleanest approach seems to move the definition into a separate spec
> which later can be absorbed by a future RFC7235bis. I volunteer to write
> that spec (it'll be very short), but this would require changes to the
> Digest spec post-WGLC.
>
> 2) Alternatively, we could tune the Digest draft to introduce the header
> field in a more generic way, allowing other schemes to use it as well. That
> would avoid a dependency to a yet unwritten spec, but the complexity
> wouldn't really change.
>
> 3) We can tell Alexey to pick a different field name, which would shift
> all required changes to the SCRAM spec.
>
> Feedback appreciated,
>
> Julian