IETF Logo Mail Archive

[http-auth] Pete Resnick's No Objection on draft-ietf-httpauth-basicauth-update-06: (with COMMENT)

"Pete Resnick" <presnick@qti.qualcomm.com> Wed, 18 February 2015 21:49 UTC

Return-Path: <presnick@qti.qualcomm.com>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A475A1A1B19; Wed, 18 Feb 2015 13:49:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u-E-zL7U4OSB; Wed, 18 Feb 2015 13:49:33 -0800 (PST)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E8A831A1B47; Wed, 18 Feb 2015 13:49:27 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Pete Resnick <presnick@qti.qualcomm.com>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 5.11.0.p2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150218214927.31074.15996.idtracker@ietfa.amsl.com>
Date: Wed, 18 Feb 2015 13:49:27 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/xVv4CdoYDEZWPKVWj-eNF7qjMmY>
Cc: http-auth@ietf.org, draft-ietf-httpauth-basicauth-update.all@ietf.org, httpauth-chairs@ietf.org
Subject: [http-auth] Pete Resnick's No Objection on draft-ietf-httpauth-basicauth-update-06: (with COMMENT)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Feb 2015 21:49:35 -0000

Pete Resnick has entered the following ballot position for
draft-ietf-httpauth-basicauth-update-06: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
http://datatracker.ietf.org/doc/draft-ietf-httpauth-basicauth-update/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

2: I'd at least like to hear an explanation about why this is
unreasonable (if it is):

OLD
   Furthermore, a user-id containing a colon character is invalid, as
   recipients will split the user-pass at the first occurrence of a
   colon character.  Note that many user agents however will accept a
   colon in user-id, thereby producing a user-pass string that
   recipients will likely treat in a way not intended by the user.
NEW
   Furthermore, a user-id MUST NOT contain a colon character, as
   recipients will split the user-pass at the first occurrence of a
   colon character.  Many user agents will accept a colon in user-id,
   but this produces a user-pass string that recipients will likely
   treat in a way not intended by the user.
END

MUST NOT means that not using a colon is required for interoperation.
Which is true. So I don't see why you don't come out and say that.

v2.23.0 | Report a Bug | By Email