Comments on draft-vanrein-httpauth-sasl-08

Hugo Osvaldo Barrera <hugo@whynothugo.nl> Fri, 03 February 2023 19:25 UTC

Date: Fri, 03 Feb 2023 09:57:52 +0000
From: Hugo Osvaldo Barrera <hugo@whynothugo.nl>
To: ietf-http-wg@w3.org
Archived-At: <https://www.w3.org/mid/eefe6ea4-4fbc-4791-927c-d7ac70575e90@app.fastmail.com>

Hi,

First, a minor note on language:

Sections 2.1 and 2.2 refer to the "c2c", "c2s", "s2s" and "s2c" fields. These
are not "fields", they are *additional parameters* of the WWW-Authenticate
header field (this is the nomenclature found in rfc7235 section-4.1). Calling
them fields can be a bit confusing, especially during the first read and before
reaching the examples in Section 4.

I'm not entirely sure if the intended use of the User header is fully clear,
nor how User Agents are expected to determine a value for it. Perhaps it is
best to further elaborate on this?

Those minor comments aside, I do find this specification quite useful and would
like to voice my support of the proposal. In particular, HTTP with SASL would
be of much use for CalDAV (rfc4791) and CardDAV (rfc6352). Currently it is
possible to use email (IMAP and SMTP) with SASL (and therefore, SASL+OAUTH),
but there is no standard mechanism to use SASL for address books and calendars.
It seems quite clear to me that this specification has a very useful impact in
the WebDAV space in general.

Kind Regards,

-- 
Hugo