Re: [http-auth] Authentication-Info
Yutaka OIWA <y.oiwa@aist.go.jp> Sat, 06 December 2014 04:36 UTC
Return-Path: <y.oiwa@aist.go.jp>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7480D1A8835 for <http-auth@ietfa.amsl.com>; Fri, 5 Dec 2014 20:36:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.679
X-Spam-Level:
X-Spam-Status: No, score=-3.679 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0i4oCZqmqkIC for <http-auth@ietfa.amsl.com>; Fri, 5 Dec 2014 20:36:28 -0800 (PST)
Received: from na3sys010aog105.obsmtp.com (na3sys010aog105.obsmtp.com [74.125.245.78]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82C891A87B0 for <http-auth@ietf.org>; Fri, 5 Dec 2014 20:36:28 -0800 (PST)
Received: from mail-la0-f45.google.com ([209.85.215.45]) (using TLSv1) by na3sys010aob105.postini.com ([74.125.244.12]) with SMTP ID DSNKVIKHy+3G6J2nifgU68WGd7htLRj6UxnF@postini.com; Fri, 05 Dec 2014 20:36:28 PST
Received: by mail-la0-f45.google.com with SMTP id gq15so1671666lab.4 for <http-auth@ietf.org>; Fri, 05 Dec 2014 20:36:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aist.go.jp; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=18uq1ubxDfRHs3qzk3f/zLJg83CwZzEV4srOr1GReCM=; b=dTioKbFtAzXQJDX93cGzyZfde3MCD02lC0B1yET1KdEX5EmBGp+BxBKoMTrlj/iXN+ Lib3M9fGhAiz2iwTFZp5/O5rNR47SA87uUzkVyMpQJQ11jvxx6ACuGX3ifX7f743cElc BDSl0AfkwO1bfBtS5e+q6znsh3dezEVMPCR0w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=18uq1ubxDfRHs3qzk3f/zLJg83CwZzEV4srOr1GReCM=; b=i78zpARgsoE0Reo4bADBByoIMWgfBIeL2VolrSwrhDLOLkAIulFQOLbauTxyj6g7WV AkKxjlnuetu9BwwC0+ZPq5OMIhWkwfFml9AywLWFO/yVOyPbl3y2LcPSi9AFENbDTjms +BQyS+hKsRYkr6uDeD3E+fGqT6agn7l8qelPkTYiVT1uB6hBIWHgHkNDAnlLU9abPPse Vi2xfOPkIp0MbjqYImhzunTYZtVeMySq/+QFPxwuBamIJLMujP4JP4TAaeo6s9tAgKUg YnTIamC869/tnwyewFnTGvxBUtDRf1BZqExt37bjdJvJoSgiHK/xXaMYqoB4r01AfNoL 9g1Q==
X-Gm-Message-State: ALoCoQkQU5leAbRim9on9AP8IcNlbuyN+V4BIgnmaIzCBHJ0w2mm5Mrc4uTrHXg7PNGXc2+K5ae6LWSsG2VKY3hDBwNAjvDxwS/vyATFqtgrClmaYNEzS4AfY+TvqgP5KS9c8CtZpHGzpzqae29VgFlYZSPbfBmi5Q==
X-Received: by 10.152.234.140 with SMTP id ue12mr5884045lac.78.1417840586527; Fri, 05 Dec 2014 20:36:26 -0800 (PST)
X-Received: by 10.152.234.140 with SMTP id ue12mr5884037lac.78.1417840586425; Fri, 05 Dec 2014 20:36:26 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.83.203 with HTTP; Fri, 5 Dec 2014 20:36:06 -0800 (PST)
In-Reply-To: <547DB5D1.5040909@gmx.de>
References: <547DB5D1.5040909@gmx.de>
From: Yutaka OIWA <y.oiwa@aist.go.jp>
Date: Sat, 06 Dec 2014 13:36:06 +0900
Message-ID: <CAMeZVwtCtgGF-pyUmDM3Pn3S5BK-eGVnHXNoc+jCxXpCCQ23ng@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/reTLUJu_nv7f2yTvWHKqQDmvJmk
Cc: "http-auth@ietf.org" <http-auth@ietf.org>
Subject: Re: [http-auth] Authentication-Info
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Dec 2014 04:36:30 -0000
Dear Julian,
I prefer 1) (and 2 as an alternative if 1 is not feasible).
We should not have a separate header for common functionalities
(server-to-client authentication data vehicle)
between auth. schemes as far as possible.
The header is also a definitive part of Mutual spec
(because it mandates mutual authentication on that header),
and I'd like to harmonize use of the header with other schemes.
When syntax differences between other drafts are resolved,
I'll harmonize the syntax in my drafts as well.
--
Yutaka OIWA, Ph.D.
Senior Researcher, Research Institute for Secure Systems (RISEC)
National Institute of Advanced Industrial Science and Technology (AIST)
Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D 3139 8677 9BD2 4405 46B5]
2014-12-02 21:51 GMT+09:00 Julian Reschke <julian.reschke@gmx.de>:
> Hi there,
>
> this is a minor outstanding issue with the Digest and SCRAM drafts. It was
> discussed in both the WG sessions and in hallway conversations.
>
> This header field originally was defined in the "Digest" part of RFC 2617,
> and consequently, it was copied over into
> <http://tools.ietf.org/html/draft-ietf-httpauth-digest-08#section-3.5>.
>
> <http://tools.ietf.org/html/draft-ietf-httpauth-scram-auth-04> currently
> uses it as well, but with with a slightly differing syntax.
>
> Given the fact that we have two authentication scheme definitions that have
> a use case for this header field -- shouldn't we define it in a way so that
> it becomes a generic (optional) feature for authentications schemes?
>
> Choices:
>
> 1) The cleanest approach seems to move the definition into a separate spec
> which later can be absorbed by a future RFC7235bis. I volunteer to write
> that spec (it'll be very short), but this would require changes to the
> Digest spec post-WGLC.
>
> 2) Alternatively, we could tune the Digest draft to introduce the header
> field in a more generic way, allowing other schemes to use it as well. That
> would avoid a dependency to a yet unwritten spec, but the complexity
> wouldn't really change.
>
> 3) We can tell Alexey to pick a different field name, which would shift all
> required changes to the SCRAM spec.
>
> Feedback appreciated,
>
> Julian
>
> _______________________________________________
> http-auth mailing list
> http-auth@ietf.org
> https://www.ietf.org/mailman/listinfo/http-auth
- [http-auth] Authentication-Info Julian Reschke
- Re: [http-auth] Authentication-Info Michael Sweet
- Re: [http-auth] Authentication-Info Julian Reschke
- Re: [http-auth] Authentication-Info Ken Murchison
- Re: [http-auth] Authentication-Info Michael Sweet
- Re: [http-auth] Authentication-Info Julian Reschke
- Re: [http-auth] Authentication-Info Rifaat Shekh-Yusef
- Re: [http-auth] Authentication-Info Yutaka OIWA
- Re: [http-auth] Authentication-Info Julian Reschke
- Re: [http-auth] Authentication-Info Rifaat Shekh-Yusef