Re: [http-auth] I-D Action: draft-ietf-httpauth-scram-auth-08.txt
Tony Hansen <tony@att.com> Sun, 18 October 2015 19:34 UTC
Return-Path: <tony@att.com>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B76421ACEBD for <http-auth@ietfa.amsl.com>; Sun, 18 Oct 2015 12:34:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.245
X-Spam-Level:
X-Spam-Status: No, score=-1.245 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w3g6rWENFBOS for <http-auth@ietfa.amsl.com>; Sun, 18 Oct 2015 12:34:35 -0700 (PDT)
Received: from mx0b-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B41411ACEB7 for <http-auth@ietf.org>; Sun, 18 Oct 2015 12:34:35 -0700 (PDT)
Received: from pps.filterd (m0049463.ppops.net [127.0.0.1]) by m0049463.ppops.net-00191d01. (8.15.0.59/8.15.0.59) with SMTP id t9IJY82e009414 for <http-auth@ietf.org>; Sun, 18 Oct 2015 15:34:34 -0400
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0049463.ppops.net-00191d01. with ESMTP id 1xkjq6ew1x-1 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <http-auth@ietf.org>; Sun, 18 Oct 2015 15:34:34 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id t9IJYY5m019709 for <http-auth@ietf.org>; Sun, 18 Oct 2015 15:34:34 -0400
Received: from alpi133.aldc.att.com (alpi133.aldc.att.com [130.8.217.3]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id t9IJYR5K019666 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <http-auth@ietf.org>; Sun, 18 Oct 2015 15:34:31 -0400
Received: from alpi153.aldc.att.com (alpi153.aldc.att.com [130.8.42.31]) by alpi133.aldc.att.com (RSA Interceptor) for <http-auth@ietf.org>; Sun, 18 Oct 2015 19:34:23 GMT
Received: from aldc.att.com (localhost [127.0.0.1]) by alpi153.aldc.att.com (8.14.5/8.14.5) with ESMTP id t9IJYNg1023615 for <http-auth@ietf.org>; Sun, 18 Oct 2015 15:34:23 -0400
Received: from mailgw1.maillennium.att.com (maillennium.att.com [135.25.114.99]) by alpi153.aldc.att.com (8.14.5/8.14.5) with ESMTP id t9IJYJjk023536 for <http-auth@ietf.org>; Sun, 18 Oct 2015 15:34:20 -0400
Received: from tonys-macbook-pro.local (unknown[135.110.240.3](untrusted sender)) by maillennium.att.com (mailgw1) with ESMTP id <20151018193418gw100dvb6le>; Sun, 18 Oct 2015 19:34:19 +0000
X-Originating-IP: [135.110.240.3]
References: <20151018114350.19020.40343.idtracker@ietfa.amsl.com>
Cc: http-auth@ietf.org
From: Tony Hansen <tony@att.com>
Message-ID: <5623F439.9080105@att.com>
Date: Sun, 18 Oct 2015 15:34:17 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <20151018114350.19020.40343.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2015-10-18_16:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1507310000 definitions=main-1510180367
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/kTjyE9Ayj4Moky4JVviliWWr1nI>
Subject: Re: [http-auth] I-D Action: draft-ietf-httpauth-scram-auth-08.txt
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Oct 2015 19:34:36 -0000
On 10/18/15 7:43 AM, internet-drafts@ietf.org wrote: > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Hypertext Transfer Protocol Authentication Working Group of the IETF. > > Title : Salted Challenge Response (SCRAM) HTTP Authentication Mechanism > Author : Alexey Melnikov > Filename : draft-ietf-httpauth-scram-auth-08.txt > Pages : 18 > Date : 2015-10-18 I read through this draft. I spotted one nit that I sent directly to Alexey. Other than that, I did not see anything wrong. Regarding the open issue "Should "sid" directive be an attribute or a new HTTP header field shared with other HTTP authentication mechanisms?", I think the way it is specified in this document as part of the WWW-Authenticate header is just fine. After information from Precis is incorporated, this document looks ready for WGLC. Tony Hansen
- [http-auth] I-D Action: draft-ietf-httpauth-scram… internet-drafts
- Re: [http-auth] I-D Action: draft-ietf-httpauth-s… Tony Hansen