RE: Informal Last Call for draft-reschke-basicauth-enc-04, was: Fwd: I-D Action: draft-reschke-basicauth-enc-04.txt

"Manger, James H" <James.H.Manger@team.telstra.com> Mon, 30 January 2012 01:24 UTC

From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Date: Mon, 30 Jan 2012 12:22:51 +1100

Quick comment on draft-reschke-basicauth-enc-04.txt "An Encoding Parameter for HTTP Basic Authentication":

The text about not including the 'encoding' parameter when sending the password is a bit confusing [section 3].

   For credentials sent by the user agent, the "encoding" parameter is
   reserved for future use and MUST NOT be sent.

   The reason for this is that the information that could be included
   does not seem to be useful to the server, but the additional
   complexity of parsing and processing the additional parameter might
   make this extension harder to deploy.


My guess is that the spec intended to say that including the encoding information *would* be useful, but it cannot be added easily. This is a good illustration of the 3rd dot point from "2.3.1 Considerations for new Authentication Schemes" [draft-ietf-httpbis-p7-auth-18#section-2.3.1]: "b64token ... can only be used once ... future extensions will be impossible".

My suggested replacement for these 2 paragraphs:

   Note: The 'encoding' parameter cannot be included when sending
   credentials (eg in the Authorization header) as the "Basic" scheme
   uses a single base64 token for that ('b64token' syntax), not a
   parameter list ('#auth-param' syntax)
   [draft-ietf-httpbis-p7-auth-18#section-2.1].


P.S. What are the odds that everyone treats the following lines as exactly equivalent to the example of encoding="UTF-8" as they are supposed to?
  encoding=UTF-8
  Encoding="utf\-8"


--
James Manger

-------- Original Message --------
Subject: I-D Action: draft-reschke-basicauth-enc-04.txt
Date: Sun, 29 Jan 2012 07:28:40 -0800
From: internet-drafts@ietf.org
Reply-To: internet-drafts@ietf.org
To: i-d-announce@ietf.org


A New Internet-Draft is available from the on-line Internet-Drafts 
directories.

	Title           : An Encoding Parameter for HTTP Basic Authentication
	Author(s)       : Julian F. Reschke
	Filename        : draft-reschke-basicauth-enc-04.txt
	Pages           : 9
	Date            : 2012-01-29

    The "Basic" authentication scheme defined in RFC 2617 does not
    properly define how to treat non-ASCII characters.  This has led to
    a situation where user agent implementations disagree, and servers
    make different assumptions based on the locales they are running in.
    There is little interoperability for characters in the ISO-8859-1
    character set, and even less interoperability for any characters
    beyond that.

    This document defines a backwards-compatible extension to "Basic",
    specifying the server's character encoding expectation, using a new
    authentication scheme parameter.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-reschke-basicauth-enc-04.txt
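
Added example (not part of the original message or of the draft): a small Python parser for the challenge's auth-param list, illustrating the P.S. about equivalent spellings of the 'encoding' parameter and the point that credentials travel as a single b64token. The function names, the literal-match "naive" check and the ISO-8859-1 fallback are assumptions made for this illustration; the sample headers are constructed.

```python
import base64
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# auth-param = token BWS "=" BWS ( token / quoted-string )
PARAM = re.compile(
    r'\s*(?P<name>' + TOKEN + r')\s*=\s*'
    r'(?:(?P<tok>' + TOKEN + r')|"(?P<qs>(?:[^"\\]|\\.)*)")\s*(?:,|$)'
)

def parse_challenge(header):
    """Split 'scheme p1=v1, p2=v2' into (scheme, {lowercased name: value})."""
    scheme, _, rest = header.strip().partition(" ")
    params, pos = {}, 0
    while pos < len(rest):
        m = PARAM.match(rest, pos)
        if not m:
            raise ValueError("malformed auth-param at offset %d" % pos)
        if m.group("tok") is not None:
            value = m.group("tok")            # bare token form: encoding=UTF-8
        else:
            # quoted-string form: a backslash (quoted-pair) escapes the next char
            value = re.sub(r"\\(.)", r"\1", m.group("qs"))
        params[m.group("name").lower()] = value   # parameter names are case-insensitive
        pos = m.end()
    return scheme, params

def wants_utf8(header):
    """True if a Basic challenge asks for UTF-8, whatever the spelling."""
    scheme, params = parse_challenge(header)
    return scheme.lower() == "basic" and params.get("encoding", "").lower() == "utf-8"

def naive_wants_utf8(header):
    """Literal match, shown only for contrast (hypothetical shortcut)."""
    return 'encoding="UTF-8"' in header

def basic_credentials(user, password, challenge):
    """Build the Authorization value for a given challenge."""
    # Assumption: ISO-8859-1 when the server states no preference.
    charset = "utf-8" if wants_utf8(challenge) else "iso-8859-1"
    token = base64.b64encode(f"{user}:{password}".encode(charset)).decode("ascii")
    # The credentials are one b64token: there is no parameter list in
    # which the client could echo the encoding it used.
    return "Basic " + token

# Constructed sample challenges: the draft's form plus the two P.S. variants.
SAMPLES = ['Basic realm="foo", encoding="UTF-8"',
           'Basic realm="foo", encoding=UTF-8',
           'Basic realm="foo", Encoding="utf\\-8"']
```

All three sample challenges select UTF-8 under the grammar-based parser, while the literal match accepts only the first; a client relying on the literal match would encode a non-ASCII password differently from what the server expects.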