W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2011

Re: #308: need to reserve "negotiate" as auth scheme name

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 03 Aug 2011 16:03:08 +0200
Message-ID: <4E39551C.5090902@gmx.de>
To: HTTP Working Group <ietf-http-wg@w3.org>
On 2011-07-28 16:34, Julian Reschke wrote:
> Hi,
>
> I've got a TODO to mark the authentication scheme name "negotiate" as
> reserved (in draft-ietf-httpbis-authscheme-registrations); see
> <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/308>.
>
> Thoughts:
>
> - the registry doesn't have a "status" entry; should we add that (with
> what values)?
>
> - if we keep the registry simple, what's the reference we would put in?
> A pointer to a new appendix in
> draft-ietf-httpbis-authscheme-registrations, noting that "negotiate" is
> reserved as a scheme name, but it's not a valid scheme as per our
> requirements?
>
> - that being said, should there be an erratum on RFC 4559 pointing out
> the problems?
>
> Best regards, Julian

OK,

- I have added a "Notes" entry to the auth scheme registry (see 
<http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1371>), and

- added 'Negotiate' 
(<http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1372>) with a 
Note saying:

"This authentication scheme violates both HTTP semantics (being 
connection-oriented) and syntax (use of syntax incompatible with the 
WWW-Authenticate and Authorization header field syntax)."

I also opened two errata on RFC 4559; see 
<http://www.rfc-editor.org/errata_search.php?eid=2912> and 
<http://www.rfc-editor.org/errata_search.php?eid=2913>.

Best regards, Julian
Received on Wednesday, 3 August 2011 14:03:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:46 GMT