WGLC: p7 MUSTs
Alex Rousskov <rousskov@measurement-factory.com> Wed, 01 May 2013 05:11 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CDA521F896E for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 30 Apr 2013 22:11:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.556
X-Spam-Level:
X-Spam-Status: No, score=-10.556 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TK591mWXQzfL for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 30 Apr 2013 22:10:47 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id EF45221F8AA6 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 30 Apr 2013 22:10:41 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UXPIj-0006vq-N3 for ietf-http-wg-dist@listhub.w3.org; Wed, 01 May 2013 05:09:57 +0000
Resent-Date: Wed, 01 May 2013 05:09:57 +0000
Resent-Message-Id: <E1UXPIj-0006vq-N3@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <rousskov@measurement-factory.com>) id 1UXPIa-0006t5-HC for ietf-http-wg@listhub.w3.org; Wed, 01 May 2013 05:09:48 +0000
Received: from measurement-factory.com ([209.169.10.130]) by maggie.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <rousskov@measurement-factory.com>) id 1UXPIZ-0005F3-QD for ietf-http-wg@w3.org; Wed, 01 May 2013 05:09:48 +0000
Received: from [127.0.0.1] (localhost [127.0.0.1]) (authenticated bits=0) by measurement-factory.com (8.14.3/8.14.3) with ESMTP id r4159PAQ071392 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <ietf-http-wg@w3.org>; Tue, 30 Apr 2013 23:09:26 -0600 (MDT) (envelope-from rousskov@measurement-factory.com)
Message-ID: <5180A37D.6050003@measurement-factory.com>
Date: Tue, 30 Apr 2013 23:09:17 -0600
From: Alex Rousskov <rousskov@measurement-factory.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130329 Thunderbird/17.0.5
MIME-Version: 1.0
To: IETF HTTP WG <ietf-http-wg@w3.org>
References: <D69329FD-7456-46C5-BE24-6E7EE7E48C39@mnot.net>
In-Reply-To: <D69329FD-7456-46C5-BE24-6E7EE7E48C39@mnot.net>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=209.169.10.130; envelope-from=rousskov@measurement-factory.com; helo=measurement-factory.com
X-W3C-Hub-Spam-Status: No, score=-2.5
X-W3C-Hub-Spam-Report: RP_MATCHES_RCVD=-2.509, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1UXPIZ-0005F3-QD d630bb8ef21aec6f26b968c723a80c74
X-Original-To: ietf-http-wg@w3.org
Subject: WGLC: p7 MUSTs
Archived-At: <http://www.w3.org/mid/5180A37D.6050003@measurement-factory.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17745
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hello, These comments are based on the "latest" snapshot dated Mon 29 Apr 2013 03:13:05 PM MDT at https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p7-auth.html I hope these issues are "editorial in nature". > For historical reasons, senders MUST only use the quoted-string syntax. Perhaps this can be relaxed to "MUST only generate", especially since another MUST prohibits proxies from modifying WWW-Authenticate and Authorization header fields. And here is a list of requirements that are missing an explicit actor on which the requirement is placed. Even though it is often possible to guess the actor, most of these should be easy to rephrase to place the requirement on the intended actor explicitly (e.g., "A proxy MUST" instead of "a header field MUST": > each parameter name MUST only occur once per challenge > This response MUST include a WWW-Authenticate header > The 407 (Proxy Authentication Required) response message [...] MUST > include a Proxy-Authenticate header field > information necessary to authenticate a request MUST be provided in > the request > It MUST be included as part of a 407 (Proxy Authentication Required) > response. > It MUST be included in 401 (Unauthorized) response messages Please be careful with "send" and "generate" when fixing the above actorless rules so that the proxies do not accidentally become responsible for policing traffic where unnecessary. Thank you, Alex.
- Working Group Last Call on the HTTPbis document s… Mark Nottingham
- Re: Working Group Last Call on the HTTPbis docume… Julian Reschke
- WGLC: p1 MUSTs Alex Rousskov
- Re: WGLC: p1 MUSTs Willy Tarreau
- WGLC: p2 MUSTs Alex Rousskov
- Re: WGLC: p1 MUSTs Alex Rousskov
- Re: WGLC: p1 MUSTs Willy Tarreau
- Re: WGLC: p1 MUST NOT pipeline until connection i… Alex Rousskov
- WGLC: p4 MUSTs Alex Rousskov
- WGLC: p5 MUSTs Alex Rousskov
- WGLC: p6 MUSTs Alex Rousskov
- WGLC: p7 MUSTs Alex Rousskov
- WGLC p1: MUST fix Content-Length? Alex Rousskov
- Re: WGLC: p1 MUST NOT pipeline until connection i… Willy Tarreau
- Re: WGLC p1: MUST fix Content-Length? Willy Tarreau
- Re: WGLC: p1 MUST NOT pipeline until connection i… Alex Rousskov
- Re: WGLC p1: MUST fix Content-Length? Alex Rousskov
- Re: WGLC: p1 MUST NOT pipeline until connection i… Willy Tarreau
- Re: WGLC p1: MUST fix Content-Length? Willy Tarreau
- Re: WGLC: p1 MUST NOT pipeline until connection i… Alex Rousskov
- Re: WGLC p1: MUST fix Content-Length? Alex Rousskov
- Re: WGLC: p1 MUST NOT pipeline until connection i… Willy Tarreau
- Re: WGLC: p5 MUSTs Ken Murchison
- Re: WGLC: p1 MUST NOT pipeline until connection i… Alex Rousskov
- Re: WGLC: p5 MUSTs Alex Rousskov
- Re: WGLC: p7 MUSTs Mark Nottingham
- Re: WGLC p1: MUST fix Content-Length? Mark Nottingham
- Re: WGLC: p1 MUSTs Mark Nottingham
- Re: WGLC: p5 MUSTs Mark Nottingham
- #481, was: WGLC: p7 MUSTs Julian Reschke
- Re: #481, was: WGLC: p7 MUSTs Alex Rousskov
- Re: #481, was: WGLC: p7 MUSTs Julian Reschke
- Re: #481, was: WGLC: p7 MUSTs Alex Rousskov
- Re: #481, was: WGLC: p7 MUSTs Julian Reschke
- Re: #481, was: WGLC: p7 MUSTs Julian Reschke
- #483, was: WGLC p1: MUST fix Content-Length? Julian Reschke
- Re: WGLC: p1 MUSTs Roy T. Fielding
- Re: WGLC: p1 MUSTs Alex Rousskov
- Re: WGLC: p1 MUSTs Roy T. Fielding
- Re: WGLC: p1 MUSTs Roy T. Fielding
- Re: WGLC: p2 MUSTs Roy T. Fielding
- Re: WGLC: p2 MUSTs Amos Jeffries
- Re: WGLC: p4 MUSTs Roy T. Fielding