Re: [http-auth] WGLC on the MutualAuth drafts

大岩寛 <> Thu, 07 July 2016 13:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E07E612D75E for <>; Thu, 7 Jul 2016 06:32:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6n8kBC16i52t for <>; Thu, 7 Jul 2016 06:32:21 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0C17F12D10D for <>; Thu, 7 Jul 2016 06:32:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Fg1xjHGAyiBLo2DeSL/BzNbVpDFWp8ALcrNeG4GvOZ0=; b=BdIuWmUt9Cj9mfI8RUcj2o37Rzn2PcnC+yu114UO8NbkBVlRDQFrcQLkHkfSMzSQoVIVkLWxEMBd/SEcNmO04nhVBH7cRLIXV0pvEbb1kqU4cIBQMIvsYfbC22kVQ6gfPWFJv/lMPMNaOj7iSdWLgRAG2nUb4ehXeX3v5ZOlWXQ=
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.1.534.14; Thu, 7 Jul 2016 13:32:15 +0000
Received: from ([]) by ([]) with mapi id 15.01.0534.020; Thu, 7 Jul 2016 13:32:15 +0000
From: 大岩寛 <>
To: Julian Reschke <>, Yoav Nir <>, httpauth mailing list <>
Thread-Topic: [http-auth] WGLC on the MutualAuth drafts
Date: Thu, 07 Jul 2016 13:32:15 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: ja-JP, en-US
Content-Language: ja-JP
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-office365-filtering-correlation-id: 4137af40-5245-4c1e-8b57-08d3a66b1c85
x-microsoft-exchange-diagnostics: 1; TY1PR01MB0586; 6:qOlcvDvr5BVhbUMG91VlJzMxDK9GK3iLbbdYZed+SAsZWUz1lU/QvinBhq74jLhyzU/5fGbPweFuZpJmsU0KmarVhDdOwqCP3VFAfE2YUaZ5/VStGOYjcyVECZzHwaU/JCLbL/ulOZeKN0SfTS4S0Gl3oO29dNq/3h7vtmbwaU5dlaIL5gbkwrlEaMq6l2XpQykFzRrhcirOb6vT7M3NhSE1js6Z9x3GqPsxNlCJjxTcdo3M6Qmloigb7+LH6AHK779Ag7WO87xiQJ9sB4za8R/+jo9EeEY5zvnVZUWtoxErIqxPeFUR/9Ij0cXCYs54dnbzXkqbSfIirBSgNXGtQQ==; 5:dH+/q91Rs6zyGDOB9VDuSz2CwAlOq/ELhRoYtfbBSDTrZTXIhysnT0wqi/p/kSeKSuDzITE/tp4VM1THc2HQ0513aEKPgFKoWroCgiBBvrBlMyX4pwUEzvfckni0WcqS5juBWnNTKSV9Uk8GDlpjlA==; 24:92loPXlQHvKbeUiJeO93gi48La66i78tAUdC0R8PzKLilk3l1vSOyygCoz/5lj0NqQmxX1EGld84TqsV06y4ywpWOwrjyuXobVfLNNi7V4E=; 7:QfTPH1Fl1hVN3mR+PU/eVaWKIcfBV1iyl2jZaf8Wkf3f8UE7WKj5NwSoccgbd1e03ISolJb+SP5rm3yzHFFMzA1YXwNrImgaO8Y6OEpq9rvAKDQL+4RUBtzw1IlzIoYpgojlcqxiJZ8p3sBPFRYb7G3B58EPT3gSPsckf2IYK5caKYTRGyPl/0DARn2oETBu3Hb84WgAJ6A0u1R6im2n6OSEVpqmNlhNw1AcCm+63H9yxe347WceBJ1/puvoiFxl
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:TY1PR01MB0586;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(26323138287068);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026); SRVR:TY1PR01MB0586; BCL:0; PCL:0; RULEID:; SRVR:TY1PR01MB0586;
x-forefront-prvs: 0996D1900D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(377424004)(24454002)(377454003)(13464003)(189002)(69234005)(199003)(74482002)(93886004)(9686002)(7736002)(5003600100003)(7846002)(8666005)(92566002)(3660700001)(3280700002)(76576001)(2900100001)(11100500001)(7696003)(87936001)(189998001)(2950100001)(102836003)(6116002)(3846002)(586003)(5001770100001)(19580405001)(10400500002)(81156014)(8676002)(68736007)(19580395003)(8936002)(81166006)(97736004)(2906002)(74316002)(107886002)(86362001)(66066001)(50986999)(54356999)(76176999)(305945005)(105586002)(101416001)(106356001)(106116001)(85182001)(33656002)(122556002)(77096005)(5002640100001)(7059030); DIR:OUT; SFP:1101; SCL:1; SRVR:TY1PR01MB0586;; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Jul 2016 13:32:15.1670 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 18a7fec8-652f-409b-8369-272d9ce80620
X-MS-Exchange-Transport-CrossTenantHeadersStamped: TY1PR01MB0586
Archived-At: <>
Subject: Re: [http-auth] WGLC on the MutualAuth drafts
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: HTTP authentication methods <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 07 Jul 2016 13:32:34 -0000

Dear Julian,

My understanding of your message is that you'll just define the
value encoding of I18n string, and all RFCs referring it must say,
for example, "the value of parameter foo will be encoded by RFC5987bis,
like foo=UTF-8''caf%C3%89 ."
Is it right? If not, please forgive me and skip the rest of my message.

If it's true, in that case, I'm *not in favor* of "obsoleting" or "replacing"
the current 5987 by it, as it simply drops the current feature, not replacing it.

Both defining the value encoding 
And defining the general parameter extension framework
is definitely the two existing features of current 5987.
I'm relying basically on *the latter feature*.

The most important value of the current 5987 is that non-percent-encoded
ASCII parameters and percent-encoded 5987-style parameters
can co-exist and deterministically distinguished,
while keeping ASCII-only use cases wire-compatible.
Yes, it's a bit tricky encoding, but it works.
If I need to say "this parameter will be 5987bis-value-encoded
(so %20 MUST be treated as a space, not percent-two-zero)",
it's no better than simple percent-encoded UTF-8,
especially with cryptographic operations
(which requires binary-to-binary equivalence and thus denies
almost all kinds of character encoding negotiations).

The reason I accepted to adopt RFC5987 in Fall 2014 is that
consistent support of it would make better promotion for
some future "common libraries", you favorite term, 
to transparently support internationalized HTTP authentication.
It's not only for "my" proposals but also for all future proposals.
Without the tag extension framework part, I find little value for it.

More to say, should you say it, I strongly think that you should 
say it before I *did* accept the proposed use of 5987 (it was proposed by you!).
If I knew your plan at that point, and if only the value encoding part is
defined in 5987bis, I have no reason to adopt RFC 5987 *and 5987bis*.
I'd simply chose to use simple percent-encoded UTF-8, without any charset tag,
It's much simpler and much much easier to deploy with existing libraries.

Yutaka OIWA, Ph.D.       Leader, Cyber Physical Architecture Research Group
                                  Information Technology Research Institute
    National Institute of Advanced Industrial Science and Technology (AIST)
                      Mail addresses: <>, <>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]

> -----Original Message-----
> From: Julian Reschke []
> Sent: Tuesday, July 5, 2016 7:09 PM
> To: 大岩寛 <>; Yoav Nir <>; httpauth
> mailing list <>
> Subject: Re: [http-auth] WGLC on the MutualAuth drafts
> On 2016-07-05 06:24, 大岩寛 wrote:
> > ...
> > [3]
> >> FYI: I'm in the process of revising RFC 5987, and that ABNF
> >> production is going to be removed. Seems we need to coordinate here.
> >
> > Can you tell us some more detail about this?
> > May be we also need to coordinate with the Chairs about the scheduling.
> > ...
> When I wrote RFC 5987, I put too much emphasis in being consistent with RFC
> 2231 and in the ABNF.
> The plan for RFC 5987bis is that it'll just define the grammar for the field
> *value*. I'll stay away from defining and redefining parameters in general.
> Best regards, Julian