[http-auth] Stephen Farrell's Yes on draft-ietf-httpauth-extension-08: (with COMMENT)

"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Thu, 01 September 2016 13:34 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: http-auth@ietf.org
Delivered-To: http-auth@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2715812D95C; Thu, 1 Sep 2016 06:34:11 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.31.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147273685111.10204.16939171130521577794.idtracker@ietfa.amsl.com>
Date: Thu, 01 Sep 2016 06:34:11 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-auth/WA9rW2o8n5T8t12tUghHM2Q-g5I>
Cc: http-auth@ietf.org, httpauth-chairs@ietf.org, draft-ietf-httpauth-extension@ietf.org
Subject: [http-auth] Stephen Farrell's Yes on draft-ietf-httpauth-extension-08: (with COMMENT)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.17
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Sep 2016 13:34:11 -0000

Stephen Farrell has entered the following ballot position for
draft-ietf-httpauth-extension-08: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


I think experiments to improve web authentication are a good
thing (tm:-) so am happy to see this experiment proceed.

- Figure 1: Maybe clarify that "credentials" here is not the
same as in RFC 7235?

- Figure 3: this is a mixture of an example ("Basic") and ABNF
("1#challenge") which is odd. I'd say just make it an example
and fix the figure caption accordingly.

- section 7: I thought that registrations of new HTTP headers
needed some more information, e.g. in which messages they can
be sent and with which status codes? BCP90 does seem to call
for that - why aren't those details here?