[http-auth] Authentication-Info
Julian Reschke <julian.reschke@gmx.de> Tue, 02 December 2014 12:51 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/rJZgi2Un-u16fV_PDgmBJDnfquU
Hi there,

this is a minor outstanding issue with the Digest and SCRAM drafts. It was discussed in both the WG sessions and in hallway conversations.

This header field originally was defined in the "Digest" part of RFC 2617, and consequently, it was copied over into <http://tools.ietf.org/html/draft-ietf-httpauth-digest-08#section-3.5>.

<http://tools.ietf.org/html/draft-ietf-httpauth-scram-auth-04> currently uses it as well, but with a slightly differing syntax.

Given the fact that we have two authentication scheme definitions that have a use case for this header field -- shouldn't we define it in a way so that it becomes a generic (optional) feature for authentication schemes?

Choices:

1) The cleanest approach seems to move the definition into a separate spec which later can be absorbed by a future RFC7235bis. I volunteer to write that spec (it'll be very short), but this would require changes to the Digest spec post-WGLC.

2) Alternatively, we could tune the Digest draft to introduce the header field in a more generic way, allowing other schemes to use it as well. That would avoid a dependency to a yet unwritten spec, but the complexity wouldn't really change.

3) We can tell Alexey to pick a different field name, which would shift all required changes to the SCRAM spec.

Feedback appreciated,

Julian