Re: [http-auth] Pete Resnick's No Objection on draft-ietf-httpauth-basicauth-update-06: (with COMMENT)

Pete Resnick <presnick@qti.qualcomm.com> Fri, 20 February 2015 16:09 UTC

Date: Fri, 20 Feb 2015 10:09:31 -0600
From: Pete Resnick <presnick@qti.qualcomm.com>
To: Julian Reschke <julian.reschke@gmx.de>
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/WFZqKPUMlYRAODxbz4ZU9BndxK0>
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, httpauth-chairs@ietf.org, "http-auth@ietf.org" <http-auth@ietf.org>, The IESG <iesg@ietf.org>, Barry Leiba <barryleiba@computer.org>, draft-ietf-httpauth-basicauth-update.all@ietf.org

On 2/20/15 8:15 AM, Julian Reschke wrote:
> I changed the text to:
>
>>    Furthermore, a user-id containing a colon character is invalid, as
>>    the first colon in a user-pass string separates user-id and password
>>    from one another; text after the first colon is part of the password.
>>    User-ids containing colons cannot be encoded in user-pass strings.
>>
>>    Note that many user agents produce user-pass strings without checking
>>    that user-ids supplied by users do not contain colons; recipients
>>    will then treat part of the username input as part of the password.
>
> in <http://trac.tools.ietf.org/wg/httpauth/trac/changeset/128>.
>
> Pete, Barry, does this sound good to you?

It's fine. I will admit to still being a bit mystified about the 
reluctance to use the imperative, because really implementations MUST 
NOT be putting user-ids with colons on the wire if they expect 
interoperation. But the above defines the syntax just fine, and there's 
no reading the above and thinking that it's OK to put a colon in the 
user-id portion of the user-pass string and expect it to work. So go for it.

pr

-- 
Pete Resnick<http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478
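
The first-colon rule in the quoted draft text, worked through as an added example (not part of this message or of the draft). The function names and sample credentials are hypothetical, and UTF-8 is assumed as the character encoding of the user-pass string.

```python
import base64
import binascii


def build_user_pass(user_id: str, password: str, check_colon: bool = True) -> str:
    """Sender side: join user-id and password into a user-pass string."""
    # A user-id with a colon cannot be represented, so refuse it up front.
    if check_colon and ":" in user_id:
        raise ValueError("user-id containing a colon cannot be encoded in user-pass")
    return f"{user_id}:{password}"


def encode_basic(user_pass: str) -> str:
    """Build the credentials value (UTF-8 encoding is an assumption)."""
    token = base64.b64encode(user_pass.encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic(header_value: str) -> tuple[str, str]:
    """Recipient side: split user-pass at the FIRST colon only."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic credentials value")
    try:
        user_pass = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic token") from exc
    # Everything after the first colon, further colons included, is password.
    user_id, sep, password = user_pass.partition(":")
    if not sep:
        raise ValueError("user-pass has no colon separator")
    return user_id, password


def demo() -> dict:
    # Constructed sample credentials, not taken from the thread.
    ok = parse_basic(encode_basic(build_user_pass("alice", "s3cr3t:with:colons")))
    # A sender that skips the colon check: the recipient sees a different
    # user-id, and the rest of the username input lands in the password.
    lax = parse_basic(
        encode_basic(build_user_pass("corp:alice", "s3cr3t", check_colon=False))
    )
    return {"ok": ok, "lax": lax}


if __name__ == "__main__":
    print(demo())
```

Colons in the password round-trip intact, while the unchecked `corp:alice` user-id arrives at the recipient as user-id `corp` with password `alice:s3cr3t`.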