Re: [http-auth] Pete Resnick's No Objection on draft-ietf-httpauth-basicauth-update-06: (with COMMENT)
Pete Resnick <presnick@qti.qualcomm.com> Fri, 20 February 2015 16:09 UTC
Return-Path: <presnick@qti.qualcomm.com>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B10E1A0066; Fri, 20 Feb 2015 08:09:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.011
X-Spam-Level:
X-Spam-Status: No, score=-7.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RjGGv1DhbaUg; Fri, 20 Feb 2015 08:09:39 -0800 (PST)
Received: from wolverine01.qualcomm.com (wolverine01.qualcomm.com [199.106.114.254]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D19761A877A; Fri, 20 Feb 2015 08:09:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1424448574; x=1455984574; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=uqYF1wnGfZg5tHz7SfoYoY5ZSmcTbt75+Svn2almAEU=; b=tAPecdqVdntFOK/DFR/pyBNVc10wiRHMhXcXg8nFv2AfU87+hf5vC4m7 2pdeRkiN1S/STgFN766MB+GMEtO51TvAw6gWiDrL7osK/xfTcpUZi4Ud/ IZmYC5KZ1UxMxcZwiwW5gIctPXbLT/m6BmqSIgz551EP51HtKtU2Ko8Ao I=;
X-IronPort-AV: E=McAfee;i="5600,1067,7717"; a="104414606"
Received: from ironmsg03-l.qualcomm.com ([172.30.48.18]) by wolverine01.qualcomm.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 20 Feb 2015 08:09:34 -0800
X-IronPort-AV: E=Sophos;i="5.09,615,1418112000"; d="scan'208";a="844866944"
Received: from nasanexm01f.na.qualcomm.com ([10.85.0.32]) by Ironmsg03-L.qualcomm.com with ESMTP/TLS/RC4-SHA; 20 Feb 2015 08:09:34 -0800
Received: from presnick-mac.local (10.80.80.8) by NASANEXM01F.na.qualcomm.com (10.85.0.32) with Microsoft SMTP Server (TLS) id 15.0.995.29; Fri, 20 Feb 2015 08:09:32 -0800
Message-ID: <54E75C3B.7070605@qti.qualcomm.com>
Date: Fri, 20 Feb 2015 10:09:31 -0600
From: Pete Resnick <presnick@qti.qualcomm.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.1.9) Gecko/20100630 Eudora/3.0.4
MIME-Version: 1.0
To: Julian Reschke <julian.reschke@gmx.de>
References: <20150218214927.31074.15996.idtracker@ietfa.amsl.com> <54E511BF.1070503@gmx.de> <54E51652.4050301@qti.qualcomm.com> <54E51843.1050307@greenbytes.de> <CALaySJJCzgkUNpONxFdv9-ZUD_Qxa_70rt+3g+U60Ctt80CMAg@mail.gmail.com> <54E58D9C.5020207@gmx.de> <CAHbuEH7rf72Dx0QiLgEjPZ7vCDDinEYZE-E9yTvABfSii635Pg@mail.gmail.com> <54E61331.7080807@greenbytes.de> <1goceat2c0sh1sifsuq6rv7u5bbth190vq@hive.bjoern.hoehrmann.de> <54E66703.50207@gmx.de> <1spceahm85je6hntfufprl183lam06bjgi@hive.bjoern.hoehrmann.de> <9FFC8911-ADD5-41F5-BC9E-5E78BAEB53CE@gbiv.com> <54E74195.7010503@gmx.de>
In-Reply-To: <54E74195.7010503@gmx.de>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.80.80.8]
X-ClientProxiedBy: NASANEXM01E.na.qualcomm.com (10.85.0.31) To NASANEXM01F.na.qualcomm.com (10.85.0.32)
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/WFZqKPUMlYRAODxbz4ZU9BndxK0>
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, httpauth-chairs@ietf.org, "http-auth@ietf.org" <http-auth@ietf.org>, The IESG <iesg@ietf.org>, Barry Leiba <barryleiba@computer.org>, draft-ietf-httpauth-basicauth-update.all@ietf.org
Subject: Re: [http-auth] Pete Resnick's No Objection on draft-ietf-httpauth-basicauth-update-06: (with COMMENT)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Feb 2015 16:09:41 -0000
On 2/20/15 8:15 AM, Julian Reschke wrote: > I changed the text to: > >> Furthermore, a user-id containing a colon character is invalid, as >> the first colon in a user-pass string separates user-id and password >> from one another; text after the first colon is part of the password. >> User-ids containing colons cannot be encoded in user-pass strings. >> >> Note that many user agents produce user-pass strings without checking >> that user-ids supplied by users do not contain colons; recipients >> will then treat part of the username input as part of the password. > > in <http://trac.tools.ietf.org/wg/httpauth/trac/changeset/128>. > > Pete, Barry, does this sound good to you? It's fine. I will admit to still being a bit mystified about the reluctance to use the imperative, because really implementations MUST NOT be putting user-ids with colons on the wire if they expect interoperation. But the above defines the syntax just fine, and there's no reading the above and thinking that it's OK to put a colon in the user-id portion of the user-pass string and expect it to work. So go for it. pr -- Pete Resnick<http://www.qualcomm.com/~presnick/> Qualcomm Technologies, Inc. - +1 (858)651-4478
- [http-auth] Pete Resnick's No Objection on draft-… Pete Resnick
- Re: [http-auth] Pete Resnick's No Objection on dr… Julian Reschke
- Re: [http-auth] Pete Resnick's No Objection on dr… Bjoern Hoehrmann
- Re: [http-auth] Pete Resnick's No Objection on dr… Pete Resnick
- Re: [http-auth] Pete Resnick's No Objection on dr… Julian Reschke
- Re: [http-auth] Pete Resnick's No Objection on dr… Barry Leiba
- Re: [http-auth] Pete Resnick's No Objection on dr… Bjoern Hoehrmann
- Re: [http-auth] Pete Resnick's No Objection on dr… Barry Leiba
- Re: [http-auth] Pete Resnick's No Objection on dr… Julian Reschke
- Re: [http-auth] Pete Resnick's No Objection on dr… Kathleen Moriarty
- Re: [http-auth] Pete Resnick's No Objection on dr… Julian Reschke
- Re: [http-auth] Pete Resnick's No Objection on dr… Barry Leiba
- Re: [http-auth] Pete Resnick's No Objection on dr… Bjoern Hoehrmann
- Re: [http-auth] Pete Resnick's No Objection on dr… Julian Reschke
- Re: [http-auth] Pete Resnick's No Objection on dr… Bjoern Hoehrmann
- Re: [http-auth] Pete Resnick's No Objection on dr… Roy T. Fielding
- Re: [http-auth] Pete Resnick's No Objection on dr… Martin J. Dürst
- Re: [http-auth] Pete Resnick's No Objection on dr… Julian Reschke
- Re: [http-auth] Pete Resnick's No Objection on dr… Barry Leiba
- Re: [http-auth] Pete Resnick's No Objection on dr… Kathleen Moriarty
- Re: [http-auth] Pete Resnick's No Objection on dr… Pete Resnick
- Re: [http-auth] Pete Resnick's No Objection on dr… Kathleen Moriarty
- Re: [http-auth] Pete Resnick's No Objection on dr… Barry Leiba
- Re: [http-auth] Pete Resnick's No Objection on dr… Kathleen Moriarty