Re: [http-auth] Working Group Last Call for draft-ietf-httpauth-basicauth-update-03.txt

Julian Reschke <julian.reschke@gmx.de> Wed, 17 December 2014 22:08 UTC

Message-ID: <5491FECE.8080704@gmx.de>
Date: Wed, 17 Dec 2014 23:08:14 +0100
From: Julian Reschke <julian.reschke@gmx.de>
To: Yoav Nir <ynir.ietf@gmail.com>, IETF HTTP Auth <http-auth@ietf.org>
References: <20141202111608.27803.85751.idtracker@ietfa.amsl.com> <60D2DF51-5CD9-4A55-8031-4F974C0F8DF9@gmail.com>
In-Reply-To: <60D2DF51-5CD9-4A55-8031-4F974C0F8DF9@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/btFpigZTDYUBRAIQ_hLjVsQadX4

On 2014-12-02 12:19, Yoav Nir wrote:
> Thank you, Julian
>
> This begins a 2-week WGLC for this document.
>
> Please take the time to read through and post any comments to the list.
>
> Cheers
>
> Matt & Yoav
> ...

...and the WGLC ended yesterday.

My current edits are over here:

  <http://greenbytes.de/tech/webdav/draft-ietf-httpauth-basicauth-update-latest-from-previous.diff.html>

Those are all editorial, mostly based on WGLC feedback (thanks).

In the LC, there were also requests to change prose to use more BCP14 
terms, and also to make the use of the charset parameter required; I did 
not make any changes with respect to this, because:

- I believe our use of BCP14 terms is consistent with the HTTP specs, and

- The whole premise of introducing the charset parameter was to leave 
existing conforming implementations conforming; thus it was always meant 
to be truly OPTIONAL.

Finally, while reviewing DIGEST, I noticed that there are security 
considerations in RFC 2617 that should have been in RFC 7235, namely:

  <http://greenbytes.de/tech/webdav/rfc2617.html#rfc.section.4.6>

and

  <http://greenbytes.de/tech/webdav/rfc2617.html#rfc.section.4.8>

I believe the best way to address this is to track this as a TODO for 
RFC7235bis (which I intend to get to in due time).

Chairs: should I submit what I currently have, or are more changes needed?

Best regards, Julian
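The message above turns on the charset parameter of the Basic challenge being OPTIONAL: a client that never looks at it stays conforming, and one that does look at it knows to encode the user-pass string as UTF-8. The following is an added example, not code from the draft, from RFC 7235, or from the author of the message. It parses the auth-params of a Basic challenge, builds the Authorization value on the client side, and decodes it on the server side. Assumptions: the parameter parser is a simplified form of the RFC 7235 auth-param grammar, and when no charset is advertised the client falls back to Latin-1 and refuses passwords it cannot represent (the specification leaves the encoding in that case undefined; the fallback is this example's own choice).

```python
import base64
import re

# Simplified RFC 7235 auth-param: token "=" ( token / quoted-string ), comma separated.
# Assumption: this regex is a practical approximation, not the full ABNF.
_AUTH_PARAM = re.compile(
    r'([A-Za-z0-9!#$%&\'*+.^_`|~-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))'
)


def parse_basic_challenge(header_value: str) -> dict:
    """Parse 'Basic realm="x", charset="UTF-8"' into {'realm': 'x', 'charset': 'UTF-8'}.

    Parameter names are case-insensitive, so they are lower-cased here.
    """
    scheme, _, params = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic challenge")
    result = {}
    for m in _AUTH_PARAM.finditer(params):
        name = m.group(1).lower()
        if m.group(2) is not None:
            # quoted-string: unescape backslash-quoted characters
            value = re.sub(r"\\(.)", r"\1", m.group(2))
        else:
            value = m.group(3)
        result[name] = value
    return result


def encode_credentials(user_id: str, password: str, challenge_params: dict) -> str:
    """Build the Authorization field value for a Basic challenge."""
    if ":" in user_id:
        # The user-id is everything before the first colon, so it cannot contain one.
        raise ValueError("user-id must not contain a colon")
    charset = challenge_params.get("charset")
    if charset is not None and charset.upper() != "UTF-8":
        # "UTF-8" is the only value defined for the charset parameter.
        raise ValueError("unsupported charset: %r" % charset)
    # Assumption (this example's choice): without an advertised charset, use Latin-1 and
    # fail loudly rather than silently send bytes the server may misinterpret.
    encoding = "utf-8" if charset is not None else "latin-1"
    user_pass = ("%s:%s" % (user_id, password)).encode(encoding)  # strict: raises if unencodable
    return "Basic " + base64.b64encode(user_pass).decode("ascii")


def decode_credentials(authorization: str, charset: str = "utf-8") -> tuple:
    """Server side: recover (user_id, password) from an Authorization field value.

    `charset` is the encoding the server advertised in its challenge; decoding is strict,
    so bytes that are not valid in that encoding are rejected instead of being guessed at.
    """
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not Basic credentials")
    raw = base64.b64decode(token.strip(), validate=True)
    text = raw.decode(charset)  # strict decode
    user_id, sep, password = text.partition(":")
    if not sep:
        raise ValueError("user-pass is missing the ':' separator")
    return user_id, password


if __name__ == "__main__":
    # Constructed challenge and the RFC 7617 sample credentials test / 123£ (U+00A3).
    challenge = 'Basic realm="WallyWorld", charset="UTF-8"'
    params = parse_basic_challenge(challenge)
    header = encode_credentials("test", "123\u00a3", params)
    print(params, header, decode_credentials(header, params["charset"]))
```

The server-side decode is deliberately strict: if a legacy client encoded the £ as a single Latin-1 byte while the server expects UTF-8, the decode raises instead of producing a mangled password that would fail authentication for a reason nobody can see in the logs.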