Re: [hybi] About authentication mechanism
Iñaki Baz Castillo <ibc@aliax.net> Wed, 29 June 2011 13:01 UTC
From: Iñaki Baz Castillo <ibc@aliax.net>
To: Bob Gezelter <gezelter@rlgsc.com>
Cc: hybi@ietf.org, gregw@intalio.com
Subject: Re: [hybi] About authentication mechanism

(now correctly replying to the list address):

2011/6/29 Bob Gezelter <gezelter@rlgsc.com>:
> In summary, the WebSocket protocol does need a framework for
> authentication, and to enable interoperability, a registry of published
> authentication schemes within that framework, with provisions for local
> extensions. It does not need a specific authentication scheme as part of
> the specification. Any such scheme should include provisions for
> unauthenticated/anonymous connections.

It makes a lot of sense. I agree that an authentication framework
should be needed (better than a single authentication mechanism) and,
of course, an API for managing it from the client side.

The problem is that the WG seems not to want to cover this area at
all, and instead leave the authentication process at WS subprotocol
level, leaving all the possible challenge computation at pure
JavaScript level (danger danger).

The fact that there is no broad consensus on the need for this
mechanism, nor interest in it, does not justify publishing the protocol
as it is. Come on WG, if nobody in the WG cared about which encoding
to use in the WebSocket protocol, would the protocol be born without
specifying it???

This is a protocol specification, not a FAQ, there cannot be black holes.

--
Iñaki Baz Castillo
<ibc@aliax.net>