Re: [http-auth] Authentication-Info

Michael Sweet <msweet@apple.com> Tue, 02 December 2014 14:06 UTC


Julian,

> On Dec 2, 2014, at 7:51 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
> 
> Hi there,
> 
> this is a minor outstanding issue with the Digest and SCRAM drafts. It was discussed in both the WG sessions and in hallway conversations.
> 
> This header field originally was defined in the "Digest" part of RFC 2617, and consequently, it was copied over into <http://tools.ietf.org/html/draft-ietf-httpauth-digest-08#section-3.5>.
> 
> <http://tools.ietf.org/html/draft-ietf-httpauth-scram-auth-04> currently uses it as well, but with a slightly differing syntax.
> 
> Given the fact that we have two authentication scheme definitions that have a use case for this header field -- shouldn't we define it in a way so that it becomes a generic (optional) feature for authentication schemes?
> 
> Choices:
> 
> 1) The cleanest approach seems to move the definition into a separate spec which later can be absorbed by a future RFC7235bis. I volunteer to write that spec (it'll be very short), but this would require changes to the Digest spec post-WGLC.
> 
> 2) Alternatively, we could tune the Digest draft to introduce the header field in a more generic way, allowing other schemes to use it as well. That would avoid a dependency on a yet-unwritten spec, but the complexity wouldn't really change.
> 
> 3) We can tell Alexey to pick a different field name, which would shift all required changes to the SCRAM spec.

In the interests of schedule, I would favor options 2 and 3.

In the interests of reuse/generic use, option 2 would seem to be the way to go.

If we want to minimize changes to both specs, then extending the ABNF in the digest spec to include an optional initial auth-scheme would take care of things.  Alternately we can just define a standard "scheme" parameter that contains the auth-scheme value, which has the added benefit of allowing new Digest implementations to include it without breaking existing ones.

(and of course nothing prevents a 7235bis from adopting the definition in the new Digest spec; you just avoid the delay of developing a dependent spec now...)

_________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair
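As an added illustration (my own code, not from this thread or from either draft), here is a parser that accepts the RFC 2617 parameter-only form of Authentication-Info alongside the two hypothetical generic forms discussed above: an optional leading auth-scheme token, and a "scheme" parameter carrying the auth-scheme. The leading-token form is unambiguous only because a bare token followed by "name=" can never itself be an auth-param; all sample values are constructed.

```python
import re

# token / quoted-string / auth-param follow RFC 7230 and RFC 7235 (obs-text omitted).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
AUTH_PARAM = re.compile(rf"\s*({TOKEN})\s*=\s*({TOKEN}|{QUOTED})\s*(?:(?:,\s*)+|$)")
# A token followed by whitespace and then "name=" is a leading auth-scheme
# (hypothetical syntax), not the first parameter; "name =" never matches here.
LEADING_SCHEME = re.compile(rf"\s*({TOKEN})(?=\s+{TOKEN}\s*=)")
BARE_SCHEME = re.compile(rf"\s*({TOKEN})\s*$")

def unquote(value):
    """Turn a quoted-string back into its text; tokens pass through unchanged."""
    if value.startswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value

def parse_authentication_info(field_value):
    """Return (auth_scheme or None, {lower-cased param name: value}).

    Accepts the RFC 2617 parameter-only form plus the two hypothetical
    generic forms: a leading auth-scheme token, or a "scheme" parameter.
    """
    m = BARE_SCHEME.match(field_value)
    if m:                       # just "Digest": scheme with no parameters
        return m.group(1), {}
    scheme = None
    m = LEADING_SCHEME.match(field_value)
    if m:
        scheme = m.group(1)
    pos = m.end() if m else 0
    params = {}
    while pos < len(field_value):
        m = AUTH_PARAM.match(field_value, pos)
        if not m:
            raise ValueError(f"malformed auth-param at {field_value[pos:]!r}")
        name = m.group(1).lower()
        if name in params:      # RFC 7235 forbids repeating a parameter name
            raise ValueError(f"duplicate parameter {name!r}")
        params[name] = unquote(m.group(2))
        pos = m.end()
    if "scheme" in params:      # hypothetical "scheme" parameter form
        param_scheme = params.pop("scheme")
        if scheme is not None and scheme.lower() != param_scheme.lower():
            raise ValueError("leading auth-scheme and scheme= disagree")
        scheme = param_scheme
    return scheme, params
```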