Re: Adding user@ to HTTP[S] URIs
Daniel Stenberg <daniel@haxx.se> Mon, 27 January 2020 14:26 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB18F12004E for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 27 Jan 2020 06:26:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.651
X-Spam-Level:
X-Spam-Status: No, score=-2.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I3YGfJt_qZh9 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 27 Jan 2020 06:26:30 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [IPv6:2603:400a:ffff:804:801e:34:0:38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76D3D12006D for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 27 Jan 2020 06:26:30 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1iw5JJ-0003rp-5Z for ietf-http-wg-dist@listhub.w3.org; Mon, 27 Jan 2020 14:24:17 +0000
Resent-Date: Mon, 27 Jan 2020 14:24:17 +0000
Resent-Message-Id: <E1iw5JJ-0003rp-5Z@frink.w3.org>
Received: from titan.w3.org ([2603:400a:ffff:804:801e:34:0:4c]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <daniel@haxx.se>) id 1iw5JH-0003r3-I8 for ietf-http-wg@listhub.w3.org; Mon, 27 Jan 2020 14:24:15 +0000
Received: from www.haxx.se ([2a00:1a28:1200:9::2] helo=giant.haxx.se) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <daniel@haxx.se>) id 1iw5JF-0006Df-TM for ietf-http-wg@w3.org; Mon, 27 Jan 2020 14:24:15 +0000
Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id 00REO8AD025344 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 27 Jan 2020 15:24:08 +0100
Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id 00REO73s025336; Mon, 27 Jan 2020 15:24:07 +0100
X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs
Date: Mon, 27 Jan 2020 15:24:07 +0100
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@giant.haxx.se
To: Rick van Rein <rick@openfortress.nl>
cc: James Fuller <jim@webcomposite.com>, Austin Wright <aaa@bzfx.net>, "HTTPbis WG (IETF)" <ietf-http-wg@w3.org>
In-Reply-To: <5E2EEB7C.9030100@openfortress.nl>
Message-ID: <alpine.DEB.2.20.2001271515570.18042@tvnag.unkk.fr>
References: <5E2B76EC.5000300@openfortress.nl> <BB50C7B7-3861-4054-AFB7-6F1C287AFEE6@gmail.com> <5E2C2039.7080303@openfortress.nl> <0bb7f153-57ea-7cb4-59e2-26ee2e41d928@treenet.co.nz> <5E2C4738.8010609@openfortress.nl> <alpine.DEB.2.20.2001251614520.15685@tvnag.unkk.fr> <5E2C65D7.7030408@openfortress.nl> <4859592D-1B93-49E0-9661-5E24FDAC276F@bzfx.net> <5E2D630A.604@openfortress.nl> <CAEaz5mtYyvei8wxb4_1H36N2PkrU+-47uqn2KtitqMtd9LRwsQ@mail.gmail.com> <5E2ED158.1030909@openfortress.nl> <alpine.DEB.2.20.2001271319120.18042@tvnag.unkk.fr> <5E2EEB7C.9030100@openfortress.nl>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
X-fromdanielhimself: yes
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Received-SPF: none client-ip=2a00:1a28:1200:9::2; envelope-from=daniel@haxx.se; helo=giant.haxx.se
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1iw5JF-0006Df-TM 9ccd8d06f6a79065186000ac8d8521f6
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Adding user@ to HTTP[S] URIs
Archived-At: <https://www.w3.org/mid/alpine.DEB.2.20.2001271515570.18042@tvnag.unkk.fr>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37303
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Mon, 27 Jan 2020, Rick van Rein wrote: > How shocking would it be to current usage of the Basic pattern to use an > explicit, empty password? Several other browsers use "foo:@localhost" for > Basic if they want to avoid popups. I'm not suggesting that curl's way of treating this information is the golden standard or anything neither for URI parsing nor HTTP headers. I'm just providing datapoints showing this is a tough change. (curl has supported this URI style since 2003) -- / daniel.haxx.se
- Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Michael Toomim
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Amos Jeffries
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Daniel Stenberg
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Paul Vixie
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Julian Reschke
- Re: Adding user@ to HTTP[S] URIs James Fuller
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Amos Jeffries
- Re: Adding user@ to HTTP[S] URIs Matthew Kerwin
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Daniel Stenberg
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Julian Reschke
- Re: Adding user@ to HTTP[S] URIs Daniel Stenberg
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Daniel Stenberg
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Amos Jeffries
- Re: Adding user@ to HTTP[S] URIs Willy Tarreau
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Rick van Rein
- Re: Adding user@ to HTTP[S] URIs Rick van Rein