Re: [http-auth] Alexey Melnikov's No Objection on draft-ietf-httpauth-extension-08: (with COMMENT)

大岩寛 <y.oiwa@aist.go.jp> Mon, 05 September 2016 08:24 UTC

Return-Path: <y.oiwa@aist.go.jp>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D51012B2DD; Mon, 5 Sep 2016 01:24:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aist.go.jp
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B_RD2seqEdnp; Mon, 5 Sep 2016 01:24:11 -0700 (PDT)
Received: from JPN01-OS2-obe.outbound.protection.outlook.com (mail-os2jpn01on0080.outbound.protection.outlook.com [104.47.92.80]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27A0112B2ED; Mon, 5 Sep 2016 01:24:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aist.go.jp; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=GUgiyo+hgN6HY0K/oei5RPZ08qW1MxCuXaSzsosVPhk=; b=AntSavfGHjtCi3AjhEgJRRUgeu2CSm9UiTWzf/mYwNsH+GrpGz34Fd3r1GuAIsejwwfx/J+RniAf9g7kg3ieMoZfwWc2+0HBv84kPBRIT+dmWO343hXYTRisXed3F0ohAXcc+OG2+Yb9NApuA878aCvgq2baEbr4fb4auKZmdBU=
Received: from TY1PR01MB0588.jpnprd01.prod.outlook.com (10.167.157.18) by TY1PR01MB0588.jpnprd01.prod.outlook.com (10.167.157.18) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.599.9; Mon, 5 Sep 2016 08:24:07 +0000
Received: from TY1PR01MB0588.jpnprd01.prod.outlook.com ([10.167.157.18]) by TY1PR01MB0588.jpnprd01.prod.outlook.com ([10.167.157.18]) with mapi id 15.01.0599.016; Mon, 5 Sep 2016 08:24:07 +0000
From: =?iso-2022-jp?B?GyRCQmc0ZDQyGyhC?= <y.oiwa@aist.go.jp>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
Thread-Topic: Alexey Melnikov's No Objection on draft-ietf-httpauth-extension-08: (with COMMENT)
Thread-Index: AQHSBGAsLT+TABkFxEakoeSAg5YN3KBnIoFQgABnWgCAAwrZ9Q==
Date: Mon, 5 Sep 2016 08:24:07 +0000
Message-ID: <TY1PR01MB0588B3E394347EFE9E48F43CA0E60@TY1PR01MB0588.jpnprd01.prod.outlook.com>
References: <147274142144.10095.917266239677089935.idtracker@ietfa.amsl.com> <TY1PR01MB058849D777444188BE2474A7A0E40@TY1PR01MB0588.jpnprd01.prod.outlook.com>, <B02DC24B-D02C-4E37-AAA2-966AC21DE52C@fastmail.fm>
In-Reply-To: <B02DC24B-D02C-4E37-AAA2-966AC21DE52C@fastmail.fm>
Accept-Language: ja-JP, en-US
Content-Language: ja-JP
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=y.oiwa@aist.go.jp;
x-originating-ip: [25.167.153.132]
x-ms-office365-filtering-correlation-id: 22527c1e-1202-4227-d2a5-08d3d5660126
x-microsoft-exchange-diagnostics: 1; TY1PR01MB0588; 6:+NUhyOF5M5UzR6wdvYWf2nfZO8E92pE/s5O/2OoIa3szwzmuaGg79dR0d9d7XLnbD9ex6hbTjVgf3qY5G1wAxKgMzsQ5JJQoOPpnUehl2GFHO1EVoNZWHP8T24KM8vWi8G9KoWBCOP6kCYI5qLsLyKmkTKBaC8fSiUn9nhSRW98PK0KgkUwwMghoz3JSsBldOuPudXpbJfAOkgEdWPUpdQDhd0A/Nu7e4X98qfhrVeh/OP+SZ3vT0d0Db+PsevXKrlpc5NdatHYGPz/G9utjQ5rllgYXqMcac5SWeVo5ggHHkBSynRkP/zCGAtvQxzjpD23I40rumRd6kHhrFu4vgA==; 5:/lrAPj3feFXq/Sw7h1Fbby2Egt9fTPscVBTkItbWd8UjWlw+xmHcniSKK8KgqGAQfg9R/cdeWNXcP/yeFpT6/Bd/XkYgJcsP4U4BC+n9mqnKNsnvZiXYuDRQeXaDdocIO72Rjc0ictfdWcgtS5OkCg==; 24:1KuxaVExugMDD0HtURgVFkGKPL9dO0CVP54LKWgYurTtSTuJmdZ/XxXB14Tohb50y/LS8cnihUjwVkRszSRfQijKIRmLp3XHCSZ37d+FNmo=; 7:ecBFHMCu9zOuyPQeWyaJBm3FHEyeB2vV3SdAwGdrFo9CIa/Bw9UAzMBPVcBdKc+t3EmaBFi8P7Bt0qp6fYZINhAuEqCTlsCuGa0pdCq4fsdsNK8FiGw6HGlZIjLs1wfnIGqfxnpncUTUF8ivbQYe1lFCywofG2AY/F5csVC+6jbG42zZ6VLIYOrj8JQs/7E40CUDZyBZX1/wb1f0PhxdS+30gCR7ZtDatGq54jZ1o9Vi8WYgUID/fNmyMQJ6t/A2
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:TY1PR01MB0588;
x-microsoft-antispam-prvs: <TY1PR01MB0588DA5810F4D5A058264834A0E60@TY1PR01MB0588.jpnprd01.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040176)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026); SRVR:TY1PR01MB0588; BCL:0; PCL:0; RULEID:; SRVR:TY1PR01MB0588;
x-forefront-prvs: 005671E15D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(24454002)(199003)(189002)(7846002)(86362001)(50986999)(2906002)(189998001)(7736002)(7696003)(105586002)(19580395003)(10400500002)(92566002)(122556002)(33656002)(76176999)(54356999)(5002640100001)(66066001)(230783001)(3280700002)(101416001)(345774005)(3660700001)(110136002)(87936001)(97736004)(5660300001)(11100500001)(8936002)(6116002)(102836003)(74316002)(74482002)(586003)(106356001)(81166006)(8666005)(68736007)(81156014)(106116001)(9686002)(2950100001)(85182001)(8676002)(77096005)(3846002)(2900100001)(19580405001)(305945005)(4326007)(76576001)(7059030); DIR:OUT; SFP:1101; SCL:1; SRVR:TY1PR01MB0588; H:TY1PR01MB0588.jpnprd01.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: aist.go.jp does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: aist.go.jp
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Sep 2016 08:24:07.1393 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 18a7fec8-652f-409b-8369-272d9ce80620
X-MS-Exchange-Transport-CrossTenantHeadersStamped: TY1PR01MB0588
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-auth/hpwHqBHVRaN3USntyoIAR8MhA4U>
Cc: "http-auth@ietf.org" <http-auth@ietf.org>, "httpauth-chairs@ietf.org" <httpauth-chairs@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-httpauth-extension@ietf.org" <draft-ietf-httpauth-extension@ietf.org>
Subject: Re: [http-auth] Alexey Melnikov's No Objection on draft-ietf-httpauth-extension-08: (with COMMENT)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Sep 2016 08:24:13 -0000

Dear Alexey,

thank you for the suggestion.
"no requirement" phrase seems to be very good solution.
________________________________________
差出人: Alexey Melnikov <aamelnikov@fastmail.fm>
送信日時: 2016年9月3日 18:55:30
宛先: 大岩寛
CC: The IESG; draft-ietf-httpauth-extension@ietf.org; Yoav Nir; httpauth-chairs@ietf.org; http-auth@ietf.org
件名: Re: Alexey Melnikov's No Objection on draft-ietf-httpauth-extension-08: (with COMMENT)

Hi,

On 3 Sep 2016, at 05:05, 大岩寛 <y.oiwa@aist.go.jp> wrote:

>> In Section 3, last paragraph:
>>
>>   Support of this header is OPTIONAL; clients MAY also implement this
>>   extension only for some selected authentication schemes.  New
>>   authentication schemes can make support of the optional
>>   authentication mandatory by its specification, though.
>>
>> I don't think this paragraph is needed, as this is granted, because support
>> for any extension like specified in this document is optional. So I suggest
>> deleting it.
>
> Of course, Experimental thing is always optional, as a starting point.
> But if we have two or more OPTIONALs, we need to clarify whether these are
> "one-by-one" or "all-or-nothing".
> What we wanted to assure here is that
> - It's optional support may vary between schemes.
>   For example, an implementation MAY choose to support it in Digest but not in Basic.
>   Also, implementation MAY choose only to support "username" and not "logout-timeout".
>   In this point, it's "one-by-one" OPTIONAL.

In this case I suggest that you either remove the first optional or rephrase this to say that there is no requirement to support this for all supported authentication schemes.
>
> - We have another "experimental" draft which normatively refers this draft and
>   requires implementation of this extension.
>   It's a kind of "all-or-nothing" (more precisely, "A implies B").
>   It does not contradict with the "experimental status" of this draft.
>
> These need a little more clarification than just saying "OPTIONAL" or "Experimental".
> If you have some solution to resolve it nicely, it's really appreciated.