[http-auth] Stephen Farrell's Yes on draft-ietf-httpauth-basicauth-update-06: (with COMMENT)

"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Tue, 17 February 2015 01:52 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C9F81A8963; Mon, 16 Feb 2015 17:52:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3aDLUyMzvu1H; Mon, 16 Feb 2015 17:52:02 -0800 (PST)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AF891A895E; Mon, 16 Feb 2015 17:52:02 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 5.11.0.p1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150217015202.9887.27442.idtracker@ietfa.amsl.com>
Date: Mon, 16 Feb 2015 17:52:02 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/xwSFyXFv4bwuH19AnjwycrcLgt8>
Cc: http-auth@ietf.org, draft-ietf-httpauth-basicauth-update.all@ietf.org, httpauth-chairs@ietf.org
Subject: [http-auth] Stephen Farrell's Yes on draft-ietf-httpauth-basicauth-update-06: (with COMMENT)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Feb 2015 01:52:04 -0000

Stephen Farrell has entered the following ballot position for
draft-ietf-httpauth-basicauth-update-06: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
http://datatracker.ietf.org/doc/draft-ietf-httpauth-basicauth-update/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


This is a pretty crappy auth scheme, but this is a pretty
good update and fills a need, thanks for the latter:-)

- section 2: is it worth saying somewhere that you can't
really have >1 proxy-auth happening even if you transit >1
proxy?

- section 2, last para: I assume this is because client
and/or server behaviour varies for this? If so, maybe it'd
be good to give some guidance or add a reference (if a
good one exists). If there's some other reason, it'd be
good to say too. 

- section 4: would it be worth adding some guidance that
re-use of e.g. enterprise login/SSO passwords for
proxy-auth is particularly dodgy as it is not protected via
TLS?
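To make the section 4 point concrete, here is an added example (not part of the ballot message or the draft) that shows why a Basic credential sent to a proxy without TLS is effectively a cleartext password, and how a server or proxy can refuse to consume Basic credentials that did not arrive over TLS. The encoder/decoder follows the Basic scheme as the draft's successor RFC 7617 specifies it (user-id and password joined by a colon, base64-encoded, with the `charset="UTF-8"` parameter signalling UTF-8); the `over_tls` flag and the `authorize_basic` policy function are assumptions for illustration, and the sample credentials are constructed (the "Aladdin" and "test:123£" values are the RFC 7617 test vectors).

```python
import base64
import binascii
from typing import Optional, Tuple


def make_basic_header(user_id: str, password: str, charset: str = "UTF-8") -> str:
    """Build an Authorization / Proxy-Authorization value for the Basic scheme.

    Per the scheme, the user-id may not contain a colon (it is the
    separator); the password may.  Base64 is an encoding, not
    encryption: anyone who sees the header sees the password.
    """
    if ":" in user_id:
        raise ValueError("user-id must not contain ':'")
    raw = f"{user_id}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_credentials(header_value: str, charset: str = "UTF-8") -> Tuple[str, str]:
    """Recover (user-id, password) from a Basic credential.

    `charset` should be "UTF-8" only when the challenge advertised
    charset="UTF-8"; the split happens at the FIRST colon so that a
    password containing ':' survives the round trip.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic credential")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("malformed base64 in Basic credential") from exc
    text = raw.decode(charset)
    user_id, sep, password = text.partition(":")
    if not sep:
        raise ValueError("Basic credential lacks the ':' separator")
    return user_id, password


def authorize_basic(header_value: Optional[str], over_tls: bool) -> Tuple[int, str]:
    """Hypothetical server/proxy policy: decide before touching the credential.

    Returns (HTTP status, reason).  Basic credentials that arrived
    without TLS are refused outright; accepting them would both expose
    the password on the wire and encourage clients to keep sending it.
    """
    if header_value is None:
        return 401, "no credentials presented"
    if not over_tls:
        # Refuse rather than decode: the password was already exposed in
        # transit, and the realm must not look like it "worked".
        return 403, "Basic credentials are only accepted over TLS"
    try:
        user_id, _password = parse_basic_credentials(header_value)
    except ValueError as exc:
        return 400, f"bad credential: {exc}"
    # A real deployment would verify the password here (constant-time
    # compare against a salted hash); this example only reports the user.
    return 200, f"credential well-formed for user-id {user_id!r}"


if __name__ == "__main__":
    # Constructed sample: the RFC 7617 test vector.
    hdr = make_basic_header("Aladdin", "open sesame")
    print(hdr)                                   # Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
    print(parse_basic_credentials(hdr))          # ('Aladdin', 'open sesame')
    print(authorize_basic(hdr, over_tls=False))  # refused: cleartext
    print(authorize_basic(hdr, over_tls=True))   # accepted as well-formed
```

Run as a script it prints the round trip for the RFC test vector and the two policy outcomes; the decode step is deliberately the trivial one, because that is exactly what anyone on the path between client and proxy can do when the connection is not protected by TLS.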