Re: [hybi] Authentication headers

Daniel Stenberg <daniel@haxx.se> Wed, 21 July 2010 18:38 UTC

Return-Path: <daniel@haxx.se>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B093E3A6AF3 for <hybi@core3.amsl.com>; Wed, 21 Jul 2010 11:38:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.349
X-Spam-Level:
X-Spam-Status: No, score=-6.349 tagged_above=-999 required=5 tests=[AWL=-4.100, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Wx5qWl4ubVB for <hybi@core3.amsl.com>; Wed, 21 Jul 2010 11:38:42 -0700 (PDT)
Received: from giant.haxx.se (giant.haxx.se [80.67.6.50]) by core3.amsl.com (Postfix) with ESMTP id 073D03A6A73 for <hybi@ietf.org>; Wed, 21 Jul 2010 11:38:41 -0700 (PDT)
Received: from giant.haxx.se (dast@giant.haxx.se [80.67.6.50]) by giant.haxx.se (8.14.3/8.14.3/Debian-9.1) with ESMTP id o6LIcpgu001005; Wed, 21 Jul 2010 20:38:51 +0200
Date: Wed, 21 Jul 2010 20:38:51 +0200 (CEST)
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@giant.haxx.se
To: Ian Hickson <ian@hixie.ch>
In-Reply-To: <Pine.LNX.4.64.1007210653190.7242@ps20323.dreamhostps.com>
Message-ID: <alpine.DEB.2.00.1007212033580.18842@tvnag.unkk.fr>
References: <AANLkTimo9g4Tvzd1RekVXKtTpOhRz58jr7VLqhS-Wrdf@mail.gmail.com> <Pine.LNX.4.64.1007210653190.7242@ps20323.dreamhostps.com>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
X-fromdanielhimself: yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-4.3.5 (giant.haxx.se [80.67.6.50]); Wed, 21 Jul 2010 20:38:52 +0200 (CEST)
Cc: hybi@ietf.org
Subject: Re: [hybi] Authentication headers
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jul 2010 18:38:45 -0000

On Wed, 21 Jul 2010, Ian Hickson wrote:

> HTTP auth is used so rarely that I'd seriously consider dropping it from 
> HTTP at this point; I really don't think it's worth adding to WebSockets.

Sorry, but this is just a guess from you and I don't see how you have any 
numbers to back this up.

In my view as a non-browser client author, HTTP auth is very frequently used. 
It might not be as common as cookies for web based authentication, but HTTP is 
way larger than just browser based operations.

(I realize this is only on the border of being on-topic for this list, but I 
couldn't resist responding to such a bold claim.)

-- 

  / daniel.haxx.se