[http-auth] Authentication-Info

Julian Reschke <julian.reschke@gmx.de> Tue, 02 December 2014 12:51 UTC

Message-ID: <547DB5D1.5040909@gmx.de>
Date: Tue, 02 Dec 2014 13:51:29 +0100
From: Julian Reschke <julian.reschke@gmx.de>
To: "http-auth@ietf.org" <http-auth@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/rJZgi2Un-u16fV_PDgmBJDnfquU

Hi there,

this is a minor outstanding issue with the Digest and SCRAM drafts. It 
was discussed in both the WG sessions and in hallway conversations.

This header field originally was defined in the "Digest" part of RFC 
2617, and consequently, it was copied over into 
<http://tools.ietf.org/html/draft-ietf-httpauth-digest-08#section-3.5>.

<http://tools.ietf.org/html/draft-ietf-httpauth-scram-auth-04> currently
uses it as well, but with a slightly differing syntax.

Given the fact that we have two authentication scheme definitions that
have a use case for this header field -- shouldn't we define it in a way
so that it becomes a generic (optional) feature for authentication schemes?

Choices:

1) The cleanest approach seems to be to move the definition into a separate
spec which later can be absorbed by a future RFC7235bis. I volunteer to 
write that spec (it'll be very short), but this would require changes to 
the Digest spec post-WGLC.

2) Alternatively, we could tune the Digest draft to introduce the header 
field in a more generic way, allowing other schemes to use it as well. 
That would avoid a dependency on a yet unwritten spec, but the
complexity wouldn't really change.

3) We can tell Alexey to pick a different field name, which would shift 
all required changes to the SCRAM spec.

Feedback appreciated,

Julian