[http-auth] (Due Dec 15) Mutual-auth issues (part 5)
大岩寛 <y.oiwa@aist.go.jp> Wed, 02 December 2015 05:30 UTC
Return-Path: <y.oiwa@aist.go.jp>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B06E1A1BFE for <http-auth@ietfa.amsl.com>; Tue, 1 Dec 2015 21:30:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.298
X-Spam-Level: *
X-Spam-Status: No, score=1.298 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, CHARSET_FARAWAY_HEADER=3.2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yag46EvgjnBt for <http-auth@ietfa.amsl.com>; Tue, 1 Dec 2015 21:30:53 -0800 (PST)
Received: from APC01-HK2-obe.outbound.protection.outlook.com (mail-hk2apc01on0043.outbound.protection.outlook.com [104.47.124.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC0FB1A1BF3 for <http-auth@ietf.org>; Tue, 1 Dec 2015 21:30:52 -0800 (PST)
Received: from OS1PR01MB0200.jpnprd01.prod.outlook.com (10.161.230.139) by OS1PR01MB0199.jpnprd01.prod.outlook.com (10.161.229.19) with Microsoft SMTP Server (TLS) id 15.1.331.20; Wed, 2 Dec 2015 05:30:48 +0000
Received: from OS1PR01MB0200.jpnprd01.prod.outlook.com ([10.161.230.139]) by OS1PR01MB0200.jpnprd01.prod.outlook.com ([10.161.230.139]) with mapi id 15.01.0331.023; Wed, 2 Dec 2015 05:30:48 +0000
From: 大岩寛 <y.oiwa@aist.go.jp>
To: "http-auth@ietf.org" <http-auth@ietf.org>
Thread-Topic: (Due Dec 15) Mutual-auth issues (part 5)
Thread-Index: AdEswaG5yrdRgFV1To+xlwTRHoRcAg==
Date: Wed, 02 Dec 2015 05:30:47 +0000
Message-ID: <OS1PR01MB0200B147494C1C69D780C9CBA00E0@OS1PR01MB0200.jpnprd01.prod.outlook.com>
Accept-Language: ja-JP, en-US
Content-Language: ja-JP
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=y.oiwa@aist.go.jp;
x-originating-ip: [1.79.30.166]
x-microsoft-exchange-diagnostics: 1; OS1PR01MB0199; 5:oqs4fqJBNVhTmCzHJF8+BdHrSEYPAcNX3A/ptLU4r3CdsyPUxD8sj9GlWVPeOyFoF10NKFIZ6S9sPPEDx0HyL+LACDDQYRfo+5dLPU3YfNGv7cwbwQYkAXgyDKv13/YTc/mAk+YYktvBhUHeQJhm3w==; 24:gfKTwlGaLx+d5dHgV1IKlcEdPA51LIF6NrVMO52qYDPdV81DK/EYFKNb8H3tGKN36/qgbt54p/dgFLgYvb/QlhQarzhwktWjsUZovzsM5L0=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:OS1PR01MB0199;
x-microsoft-antispam-prvs: <OS1PR01MB0199BEE6216894EF70070545A00E0@OS1PR01MB0199.jpnprd01.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(58186630543729);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(2401047)(5005006)(520078)(8121501046)(3002001)(10201501046); SRVR:OS1PR01MB0199; BCL:0; PCL:0; RULEID:; SRVR:OS1PR01MB0199;
x-forefront-prvs: 077884B8B5
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(189002)(199003)(11100500001)(5008740100001)(85182001)(86362001)(102836003)(15975445007)(5004730100002)(77096005)(76576001)(3846002)(50986999)(229853001)(586003)(74482002)(122556002)(6116002)(2900100001)(2351001)(40100003)(87936001)(105586002)(74316001)(92566002)(19580405001)(54356999)(1220700001)(66066001)(5002640100001)(33656002)(5003600100002)(2501003)(5001960100002)(1096002)(97736004)(19580395003)(107886002)(81156007)(189998001)(101416001)(10400500002)(450100001)(106356001)(110136002); DIR:OUT; SFP:1101; SCL:1; SRVR:OS1PR01MB0199; H:OS1PR01MB0200.jpnprd01.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: aist.go.jp does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: aist.go.jp
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Dec 2015 05:30:47.9972 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 18a7fec8-652f-409b-8369-272d9ce80620
X-MS-Exchange-Transport-CrossTenantHeadersStamped: OS1PR01MB0199
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/vSJp64wJK_b-5PpbhvqPRIBxDPQ>
Subject: [http-auth] (Due Dec 15) Mutual-auth issues (part 5)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 05:30:55 -0000
Dear all HTTPAUTH WG members, I'd like to have your comments on the following four issues. Please make your initial response *before December 15*, or the WG will consider these issues as successfully resolved (as the WG Chair said in the Prague meeting.) We appreciate your responses in any of the following form: * on the github issue tracking system (comments, pull-request etc.) * on this mailing list * on the private email We'll summarize comments on the medium above, and send it to this mailing list. (Please be understood that your comments on the private email may be included in the summary and published.) ==== draft-ietf-httpauth-extension ==== = Section 3: Optional authentication = [P15] We use new header for optional possibility of authentications, OK? WG discussion have mentioned that the current choice is more friendly for existing proxies and other implementations. Also it will co-exist with Cookie-based authentication. https://github.com/yoiwa/httpauth-mutual/issues/15 = Section 4: General issues = [P16] Length of parameter names: Some requests are there, that we should shorten name of parameters: how far we should go? https://github.com/yoiwa/httpauth-mutual/issues/16 = Section 4.6 = [P17] Is it reasonable to use logout-timeout=0 for logout request? Or, something more explicit like "request-logout=true" is preferred? https://github.com/yoiwa/httpauth-mutual/issues/17 = Section 7: IANA registration = [P18] Choice of Requirement specification levels for new parameters: Both our choice and the WG's discussion result in Dallas are "Specification Required". Is it OK? (See RFC 5226 for other choices, again.) https://github.com/yoiwa/httpauth-mutual/issues/18 -- Yutaka OIWA, Ph.D. Leader, Cyber Physical Architecture Research Group Information Technology Research Institute National Institute of Advanced Industrial Science and Technology (AIST) Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp> OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D 3139 8677 9BD2 4405 46B5]