Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 12 February 2015 20:14 UTC

On Tue, Feb 10, 2015 at 4:59 PM, Julian Reschke <julian.reschke@gmx.de> wrote:

> On 2015-02-10 22:46, Bjoern Hoehrmann wrote:
>
>> * Julian Reschke wrote:
>>
>>> On 2015-02-10 20:57, Tony Hansen wrote:
>>>
>>>> On 2/6/15 1:43 AM, Julian Reschke wrote:
>>>>
>>>>> On 2015-02-05 23:49, Bjoern Hoehrmann wrote:
>>>>>
>>>>>> * The IESG wrote:
>>>>>>
>>>>>>> Abstract
>>>>>>>
>>>>>>>     This document defines the "Basic" Hypertext Transfer Protocol (HTTP)
>>>>>>>     Authentication Scheme, which transmits credentials as userid/password
>>>>>>>     pairs, obfuscated by the use of Base64 encoding.
>>>>>>>
>>>>>>
>>> How is the intent actually relevant here?
>>>
>>
>> According to the Abstract the intent is obfuscation. If the intent is
>> not relevant, then the Abstract should not draw attention to it. That
>> is pretty much why I brought this up.
>>
>
> I don't see anything about intent here. It's simply a statement of facts.
>

With no hat on -
I wouldn't call an encoding obfuscation either. It looks like this text is
specific to this draft and was not in RFC2617. It doesn't really help
anything IMO; could you instead just state that Base64 encoding is used?

Thanks,
Kathleen

>
> Best regards, Julian
>



-- 

Best regards,
Kathleen