[http-auth] Protocol Action: 'The 'Basic' HTTP Authentication Scheme' to Proposed Standard (draft-ietf-httpauth-basicauth-update-07.txt)

The IESG <iesg-secretary@ietf.org> Tue, 03 March 2015 19:04 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 65E411AC438; Tue, 3 Mar 2015 11:04:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id szh4H7BoSDj6; Tue, 3 Mar 2015 11:04:56 -0800 (PST)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D46BD1AC3D9; Tue, 3 Mar 2015 11:04:53 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 5.12.0.p2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150303190453.1403.72217.idtracker@ietfa.amsl.com>
Date: Tue, 03 Mar 2015 11:04:53 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/gflJ6NwDTUVVtjrUmep-2vAArWs>
Cc: httpauth mailing list <http-auth@ietf.org>, httpauth chair <httpauth-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [http-auth] Protocol Action: 'The 'Basic' HTTP Authentication Scheme' to Proposed Standard (draft-ietf-httpauth-basicauth-update-07.txt)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Mar 2015 19:04:57 -0000

The IESG has approved the following document:
- 'The 'Basic' HTTP Authentication Scheme'
  (draft-ietf-httpauth-basicauth-update-07.txt) as Proposed Standard

This document is the product of the Hypertext Transfer Protocol
Authentication Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:

Technical Summary

   This document defines the "Basic" Hypertext Transfer Protocol (HTTP)
   Authentication Scheme, which transmits credentials as userid/password
   pairs, Base64 encoded. The "Basic" scheme previously was defined in
   Section 2 of [RFC2617].  This document updates the definition, and also
   addresses internationalization issues by introducing the "charset"
   authentication parameter (Section 2.1).
   This version details all of the known security issues and explicitly
   discourages it's use when a more secure type of authentication
   should be used.

Working Group Summary

   This document is part of a set of documents that includes HTTP Digest
   and RFC7235 to collectively obsolete RFC 2617.  As such, this draft
   describes existing practice, with an update to add support for 
    o A new charset parameter with UTF-8 as the only valid value.
    o A normative reference to the precis draft for valid characters.
    o Appendix B with deployment considerations for co-existing with
      legacy implementations.
   With version -07 it is the consensus of the HTTP-Auth working group 
   that this document is fit to be published as a standards-track RFC.

Document Quality

   There are a few implementations of this specification, and they have 
   been tested and shown to interoperate with the large install base of 
   web browsers and web servers.


   Kathleen Moriarty is the responsible Area Director.
   Yoav Nir is the document shepherd.


    IANA maintains the registry of HTTP Authentication Schemes
    ([RFC7235]) at <http://www.iana.org/assignments/http-authschemes>
    and the entry for the "Basic" Authentication Scheme is to be updated with
    a pointer to this specification.