[http-auth] Protocol Action: 'The 'Basic' HTTP Authentication Scheme' to Proposed Standard (draft-ietf-httpauth-basicauth-update-07.txt)

The IESG <iesg-secretary@ietf.org> Tue, 03 March 2015 19:04 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Date: Tue, 03 Mar 2015 11:04:53 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/gflJ6NwDTUVVtjrUmep-2vAArWs>
Cc: httpauth mailing list <http-auth@ietf.org>, httpauth chair <httpauth-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>

The IESG has approved the following document:
- 'The 'Basic' HTTP Authentication Scheme'
  (draft-ietf-httpauth-basicauth-update-07.txt) as Proposed Standard

This document is the product of the Hypertext Transfer Protocol
Authentication Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-httpauth-basicauth-update/

Technical Summary

   This document defines the "Basic" Hypertext Transfer Protocol (HTTP)
   Authentication Scheme, which transmits credentials as userid/password
   pairs, Base64 encoded. The "Basic" scheme previously was defined in
   Section 2 of [RFC2617].  This document updates the definition, and also
   addresses internationalization issues by introducing the "charset"
   authentication parameter (Section 2.1).
   This version details all of the known security issues and explicitly
   discourages its use when a more secure type of authentication
   should be used.

Working Group Summary

   This document is part of a set of documents that includes HTTP Digest
   and RFC7235 to collectively obsolete RFC 2617.  As such, this draft
   describes existing practice, with an update to add support for 
   internationalization:
    o A new charset parameter with UTF-8 as the only valid value.
    o A normative reference to the precis draft for valid characters.
    o Appendix B with deployment considerations for co-existing with
      legacy implementations.
   
   With version -07 it is the consensus of the HTTP-Auth working group 
   that this document is fit to be published as a standards-track RFC.

Document Quality

   There are a few implementations of this specification, and they have 
   been tested and shown to interoperate with the large install base of 
   web browsers and web servers.

Personnel

   Kathleen Moriarty is the responsible Area Director.
   Yoav Nir is the document shepherd.

IANA Note

    IANA maintains the registry of HTTP Authentication Schemes
    ([RFC7235]) at <http://www.iana.org/assignments/http-authschemes>
    and the entry for the "Basic" Authentication Scheme is to be updated with
    a pointer to this specification.
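
Added example, not part of the IESG announcement or of the draft: a server-side sketch of the scheme summarized above, showing a challenge that carries the "charset" parameter and a strict parser for the Base64-encoded userid/password pair. The function names and sample credentials are constructed for illustration; splitting at the first colon and rejecting control characters follow the scheme's specification rather than anything stated in this message.

```python
import base64
import binascii


def basic_challenge(realm):
    """Build a WWW-Authenticate value that advertises charset="UTF-8"."""
    if '"' in realm or "\\" in realm:
        # Quoted-string escaping is out of scope for this sketch.
        raise ValueError("realm contains characters that need escaping")
    return f'Basic realm="{realm}", charset="UTF-8"'


def parse_basic(header_value):
    """Return (userid, password) from an Authorization value, or None.

    Assumes the server sent charset="UTF-8" in its challenge, so the
    decoded octets are required to be valid UTF-8.
    """
    scheme, _, token = header_value.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # validate=True rejects characters outside the Base64 alphabet.
        raw = base64.b64decode(token, validate=True)
        # Strict decode: a legacy ISO-8859-1 client is rejected here
        # instead of being silently mis-decoded.
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in text):
        return None  # control characters are not allowed
    # The userid cannot contain ":", the password can: split once.
    userid, sep, password = text.partition(":")
    if not sep:
        return None
    return userid, password


if __name__ == "__main__":
    print(basic_challenge("example"))
    # Constructed sample: userid "test", password "123£" sent as UTF-8.
    print(parse_basic("Basic dGVzdDoxMjPCow=="))
```

Because Base64 is an encoding and not encryption, a parser like this belongs behind TLS.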