Re: [http-auth] Protocol Action: 'The 'Basic' HTTP Authentication Scheme' to Proposed Standard (draft-ietf-httpauth-basicauth-update-07.txt)

Yoav Nir <ynir.ietf@gmail.com> Tue, 03 March 2015 19:37 UTC

Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <20150303190453.1403.72217.idtracker@ietfa.amsl.com>
Date: Tue, 03 Mar 2015 21:36:55 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <C953CCF3-981A-417E-A26F-FF2419D7CD32@gmail.com>
References: <20150303190453.1403.72217.idtracker@ietfa.amsl.com>
To: httpauth mailing list <http-auth@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/tfCsJ8mTvmxvKP_CacpD8QwhHH4>
Subject: Re: [http-auth] Protocol Action: 'The 'Basic' HTTP Authentication Scheme' to Proposed Standard (draft-ietf-httpauth-basicauth-update-07.txt)
Precedence: list

Congratulations, Julian. Thanks for all the work.  And thanks to all who contributed.

Yoav

> On Mar 3, 2015, at 9:04 PM, The IESG <iesg-secretary@ietf.org> wrote:
> 
> The IESG has approved the following document:
> - 'The 'Basic' HTTP Authentication Scheme'
>  (draft-ietf-httpauth-basicauth-update-07.txt) as Proposed Standard
> 
> This document is the product of the Hypertext Transfer Protocol
> Authentication Working Group.
> 
> The IESG contact persons are Stephen Farrell and Kathleen Moriarty.
> 
> A URL of this Internet Draft is:
> http://datatracker.ietf.org/doc/draft-ietf-httpauth-basicauth-update/
> 
> 
> 
> 
> 
> Technical Summary
> 
>   This document defines the "Basic" Hypertext Transfer Protocol (HTTP)
>   Authentication Scheme, which transmits credentials as userid/password
>   pairs, Base64 encoded. The "Basic" scheme previously was defined in
>   Section 2 of [RFC2617].  This document updates the definition, and also
>   addresses internationalization issues by introducing the "charset"
>   authentication parameter (Section 2.1).
>   This version details all of the known security issues and explicitly
>   discourages it's use when a more secure type of authentication
>   should be used.
> 
> Working Group Summary
> 
>   This document is part of a set of documents that includes HTTP Digest
>   and RFC7235 to collectively obsolete RFC 2617.  As such, this draft
>   describes existing practice, with an update to add support for 
>   internationalization:
>    o A new charset parameter with UTF-8 as the only valid value.
>    o A normative reference to the precis draft for valid characters.
>    o Appendix B with deployment considerations for co-existing with
>      legacy implementations.
> 
>   With version -07 it is the consensus of the HTTP-Auth working group 
>   that this document is fit to be published as a standards-track RFC.
> 
> Document Quality
> 
>   There are a few implementations of this specification, and they have 
>   been tested and shown to interoperate with the large install base of 
>   web browsers and web servers.
> 
> Personnel
> 
>   Kathleen Moriarty is the responsible Area Director.
>   Yoav Nir is the document shepherd.
> 
> IANA Note
> 
>    IANA maintains the registry of HTTP Authentication Schemes
>    ([RFC7235]) at <http://www.iana.org/assignments/http-authschemes>
>    and the entry for the "Basic" Authentication Scheme is to be updated with
>    a pointer to this specification.
>

[http-auth] Protocol Action: 'The 'Basic' HTTP Au… The IESG
Re: [http-auth] Protocol Action: 'The 'Basic' HTT… Yoav Nir
[http-auth] [IANA #811201] Protocol Action: 'The … Amanda Baber via RT
Re: [http-auth] [IANA #811201] Protocol Action: '… Julian Reschke