Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard

Bjoern Hoehrmann <derhoermi@gmx.net> Tue, 10 February 2015 21:46 UTC

Return-Path: <derhoermi@gmx.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA48C1A86FF; Tue, 10 Feb 2015 13:46:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qt2amhT50Hn2; Tue, 10 Feb 2015 13:46:27 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF62F1A8701; Tue, 10 Feb 2015 13:46:26 -0800 (PST)
Received: from netb ([89.204.130.198]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0Lwarz-1XXXIC24X1-018NFs; Tue, 10 Feb 2015 22:46:21 +0100
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Julian Reschke <julian.reschke@gmx.de>
Subject: Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard
Date: Tue, 10 Feb 2015 22:46:19 +0100
Message-ID: <vsukdalb7of6k0rphu1rpvnfugtcqi1hnl@hive.bjoern.hoehrmann.de>
References: <20150205161049.4222.88369.idtracker@ietfa.amsl.com> <kdr7da51k6t581cdppljqvdnf6401cjb4o@hive.bjoern.hoehrmann.de> <54D462A6.1030709@gmx.de> <54DA628E.6030702@att.com> <54DA75B6.3050005@gmx.de>
In-Reply-To: <54DA75B6.3050005@gmx.de>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:etW6E9I2WbfH2i/xLEmsAR5BOG7/c2gWjIda+uorsXKHvku08W8 A2xNpHaINBfT8XrBId6y6WqA7WZcY/4xpPFnRkGpUs0uFQN+VGNullH14hhKXY8zQKXoz5t 9z88wvFqpA5Yc3+dWsSdWA2dB6byy1QLv0GyUCHW1zay8X0TBucpSwlpUNTqX2OIrXT51Lb Ep7leWD7JlMB7roMFN4Jw==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/Bciwwl1QRypuio2ep3_Rkpf_V6k>
Cc: http-auth@ietf.org, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Feb 2015 21:46:29 -0000

* Julian Reschke wrote:
>On 2015-02-10 20:57, Tony Hansen wrote:
>> On 2/6/15 1:43 AM, Julian Reschke wrote:
>>> On 2015-02-05 23:49, Bjoern Hoehrmann wrote:
>>>> * The IESG wrote:
>>>>> Abstract
>>>>>
>>>>>    This document defines the "Basic" Hypertext Transfer Protocol (HTTP)
>>>>>    Authentication Scheme, which transmits credentials as
>>>>> userid/password
>>>>>    pairs, obfuscated by the use of Base64 encoding.

>How is the intent actually relevant here?

According to the Abstract the intent is obfuscation. If the intent is
not relevant, then the Abstract should not draw attention to it. That
is pretty much why I brought this up.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de
 Available for hire in Berlin (early 2015)  · http://www.websitedev.de/