[http-auth] Stephen Farrell's Yes on draft-ietf-httpauth-extension-08: (with COMMENT)

"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Thu, 01 September 2016 13:34 UTC

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
Date: Thu, 01 Sep 2016 06:34:11 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-auth/WA9rW2o8n5T8t12tUghHM2Q-g5I>
Cc: http-auth@ietf.org, httpauth-chairs@ietf.org, draft-ietf-httpauth-extension@ietf.org

Stephen Farrell has entered the following ballot position for
draft-ietf-httpauth-extension-08: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpauth-extension/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


I think experiments to improve web authentication are a good
thing (tm:-) so am happy to see this experiment proceed.

- Figure 1: Maybe clarify that "credentials" here is not the
same as in RFC 7235?

- Figure 3: this is a mixture of an example ("Basic") and ABNF
("1#challenge") which is odd. I'd say just make it an example
and fix the figure caption accordingly.

- section 7: I thought that registrations of new HTTP headers
needed some more information, e.g. in which messages they can
be sent and with which status codes? BCP90 does seem to call
for that - why aren't those details here?